May 12 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20433]: pam_unix(cron:session): session closed for user root
May 12 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session closed for user root
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session closed for user p13x
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: Successful su for rubyman by root
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: + ??? root:rubyman
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377307 of user rubyman.
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: pam_unix(su:session): session closed for user rubyman
May 12 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377307.
May 12 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: Invalid user sudo from 193.32.162.130
May 12 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: input_userauth_request: invalid user sudo [preauth]
May 12 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20906]: pam_unix(cron:session): session closed for user root
May 12 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.130
May 12 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session closed for user samftp
May 12 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: Failed password for invalid user sudo from 193.32.162.130 port 43598 ssh2
May 12 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: Connection closed by 193.32.162.130 port 43598 [preauth]
May 12 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Failed password for root from 164.68.105.9 port 57606 ssh2
May 12 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Connection closed by 164.68.105.9 port 57606 [preauth]
May 12 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Invalid user shubham from 110.49.76.244
May 12 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: input_userauth_request: invalid user shubham [preauth]
May 12 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Failed password for invalid user shubham from 110.49.76.244 port 49152 ssh2
May 12 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Received disconnect from 110.49.76.244 port 49152:11: Bye Bye [preauth]
May 12 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Disconnected from 110.49.76.244 port 49152 [preauth]
May 12 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session closed for user root
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24778]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24776]: pam_unix(cron:session): session closed for user p13x
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: Successful su for rubyman by root
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: + ??? root:rubyman
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377311 of user rubyman.
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: pam_unix(su:session): session closed for user rubyman
May 12 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377311.
May 12 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21348]: pam_unix(cron:session): session closed for user root
May 12 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session closed for user samftp
May 12 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23556]: pam_unix(cron:session): session closed for user root
May 12 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Invalid user dev from 36.71.66.248
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: input_userauth_request: invalid user dev [preauth]
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.71.66.248
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Invalid user eliot from 36.112.132.249
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: input_userauth_request: invalid user eliot [preauth]
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.112.132.249
May 12 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Failed password for invalid user dev from 36.71.66.248 port 50834 ssh2
May 12 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Received disconnect from 36.71.66.248 port 50834:11: Bye Bye [preauth]
May 12 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Disconnected from 36.71.66.248 port 50834 [preauth]
May 12 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Failed password for invalid user eliot from 36.112.132.249 port 37318 ssh2
May 12 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Received disconnect from 36.112.132.249 port 37318:11: Bye Bye [preauth]
May 12 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Disconnected from 36.112.132.249 port 37318 [preauth]
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25188]: pam_unix(cron:session): session closed for user p13x
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: Successful su for rubyman by root
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: + ??? root:rubyman
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377315 of user rubyman.
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: pam_unix(su:session): session closed for user rubyman
May 12 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377315.
May 12 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user root
May 12 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25189]: pam_unix(cron:session): session closed for user samftp
May 12 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session closed for user root
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session closed for user root
May 12 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session closed for user p13x
May 12 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25715]: Successful su for rubyman by root
May 12 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25715]: + ??? root:rubyman
May 12 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377323 of user rubyman.
May 12 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25715]: pam_unix(su:session): session closed for user rubyman
May 12 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377323.
May 12 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user root
May 12 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session closed for user root
May 12 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user samftp
May 12 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session closed for user root
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session closed for user p13x
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: Successful su for rubyman by root
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: + ??? root:rubyman
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377325 of user rubyman.
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: pam_unix(su:session): session closed for user rubyman
May 12 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377325.
May 12 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23027]: pam_unix(cron:session): session closed for user root
May 12 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user samftp
May 12 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session closed for user root
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26629]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session closed for user p13x
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: Successful su for rubyman by root
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: + ??? root:rubyman
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377330 of user rubyman.
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: pam_unix(su:session): session closed for user rubyman
May 12 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377330.
May 12 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23555]: pam_unix(cron:session): session closed for user root
May 12 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session closed for user samftp
May 12 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27138]: pam_unix(cron:session): session closed for user p13x
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: Successful su for rubyman by root
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: + ??? root:rubyman
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377334 of user rubyman.
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: pam_unix(su:session): session closed for user rubyman
May 12 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377334.
May 12 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session closed for user root
May 12 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session closed for user samftp
May 12 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session closed for user root
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27659]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27660]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user p13x
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27780]: Successful su for rubyman by root
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27780]: + ??? root:rubyman
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377337 of user rubyman.
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27780]: pam_unix(su:session): session closed for user rubyman
May 12 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377337.
May 12 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27653]: pam_unix(cron:session): session closed for user root
May 12 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24778]: pam_unix(cron:session): session closed for user root
May 12 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session closed for user samftp
May 12 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26629]: pam_unix(cron:session): session closed for user root
May 12 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Invalid user qiuhan from 36.71.66.248
May 12 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: input_userauth_request: invalid user qiuhan [preauth]
May 12 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.71.66.248
May 12 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Failed password for invalid user qiuhan from 36.71.66.248 port 43016 ssh2
May 12 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Received disconnect from 36.71.66.248 port 43016:11: Bye Bye [preauth]
May 12 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Disconnected from 36.71.66.248 port 43016 [preauth]
May 12 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244  user=root
May 12 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Failed password for root from 110.49.76.244 port 56226 ssh2
May 12 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Received disconnect from 110.49.76.244 port 56226:11: Bye Bye [preauth]
May 12 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Disconnected from 110.49.76.244 port 56226 [preauth]
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28183]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28185]: pam_unix(cron:session): session closed for user root
May 12 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session closed for user p13x
May 12 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: Successful su for rubyman by root
May 12 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: + ??? root:rubyman
May 12 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377343 of user rubyman.
May 12 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: pam_unix(su:session): session closed for user rubyman
May 12 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377343.
May 12 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session closed for user root
May 12 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session closed for user root
May 12 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session closed for user samftp
May 12 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user root
May 12 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: Invalid user university from 50.235.31.47
May 12 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: input_userauth_request: invalid user university [preauth]
May 12 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: Failed password for invalid user university from 50.235.31.47 port 49456 ssh2
May 12 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28555]: Connection closed by 50.235.31.47 port 49456 [preauth]
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28623]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28620]: pam_unix(cron:session): session closed for user p13x
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: Successful su for rubyman by root
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: + ??? root:rubyman
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377350 of user rubyman.
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: pam_unix(su:session): session closed for user rubyman
May 12 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377350.
May 12 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
May 12 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28621]: pam_unix(cron:session): session closed for user samftp
May 12 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27660]: pam_unix(cron:session): session closed for user root
May 12 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Invalid user admin from 80.94.95.125
May 12 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: input_userauth_request: invalid user admin [preauth]
May 12 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Failed password for invalid user admin from 80.94.95.125 port 59407 ssh2
May 12 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Received disconnect from 80.94.95.125 port 59407:11: Bye [preauth]
May 12 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Disconnected from 80.94.95.125 port 59407 [preauth]
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29126]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29123]: pam_unix(cron:session): session closed for user p13x
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29197]: Successful su for rubyman by root
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29197]: + ??? root:rubyman
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377354 of user rubyman.
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29197]: pam_unix(su:session): session closed for user rubyman
May 12 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377354.
May 12 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session closed for user root
May 12 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29124]: pam_unix(cron:session): session closed for user samftp
May 12 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Bad protocol version identification 'GET / HTTP/1.1' from 3.143.250.164 port 51160
May 12 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28184]: pam_unix(cron:session): session closed for user root
May 12 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session closed for user p13x
May 12 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: Successful su for rubyman by root
May 12 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: + ??? root:rubyman
May 12 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377358 of user rubyman.
May 12 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: pam_unix(su:session): session closed for user rubyman
May 12 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377358.
May 12 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session closed for user root
May 12 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session closed for user samftp
May 12 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28623]: pam_unix(cron:session): session closed for user root
May 12 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Invalid user dz from 190.103.202.7
May 12 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: input_userauth_request: invalid user dz [preauth]
May 12 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for invalid user dz from 190.103.202.7 port 38780 ssh2
May 12 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Connection closed by 190.103.202.7 port 38780 [preauth]
May 12 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Invalid user admin from 80.94.95.112
May 12 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: input_userauth_request: invalid user admin [preauth]
May 12 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Failed password for invalid user admin from 80.94.95.112 port 27756 ssh2
May 12 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Failed password for invalid user admin from 80.94.95.112 port 27756 ssh2
May 12 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Failed password for invalid user admin from 80.94.95.112 port 27756 ssh2
May 12 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Failed password for invalid user admin from 80.94.95.112 port 27756 ssh2
May 12 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Failed password for invalid user admin from 80.94.95.112 port 27756 ssh2
May 12 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Received disconnect from 80.94.95.112 port 27756:11: Bye [preauth]
May 12 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Disconnected from 80.94.95.112 port 27756 [preauth]
May 12 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29961]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29960]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session closed for user p13x
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: Successful su for rubyman by root
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: + ??? root:rubyman
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377360 of user rubyman.
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: pam_unix(su:session): session closed for user rubyman
May 12 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377360.
May 12 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session closed for user root
May 12 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29959]: pam_unix(cron:session): session closed for user samftp
May 12 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29126]: pam_unix(cron:session): session closed for user root
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30362]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30361]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30363]: pam_unix(cron:session): session closed for user root
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session closed for user p13x
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30427]: Successful su for rubyman by root
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30427]: + ??? root:rubyman
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377366 of user rubyman.
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30427]: pam_unix(su:session): session closed for user rubyman
May 12 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377366.
May 12 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30360]: pam_unix(cron:session): session closed for user root
May 12 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27659]: pam_unix(cron:session): session closed for user root
May 12 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30358]: pam_unix(cron:session): session closed for user samftp
May 12 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Invalid user zhangsan from 36.71.66.248
May 12 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: input_userauth_request: invalid user zhangsan [preauth]
May 12 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.71.66.248
May 12 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.179 port 16634 ssh2
May 12 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.179 port 16634 ssh2
May 12 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Failed password for invalid user zhangsan from 36.71.66.248 port 33268 ssh2
May 12 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Received disconnect from 36.71.66.248 port 33268:11: Bye Bye [preauth]
May 12 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Disconnected from 36.71.66.248 port 33268 [preauth]
May 12 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.179 port 16634 ssh2
May 12 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Received disconnect from 218.92.0.179 port 16634:11:  [preauth]
May 12 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Disconnected from 218.92.0.179 port 16634 [preauth]
May 12 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session closed for user root
May 12 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session closed for user p13x
May 12 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: Successful su for rubyman by root
May 12 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: + ??? root:rubyman
May 12 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377370 of user rubyman.
May 12 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: pam_unix(su:session): session closed for user rubyman
May 12 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377370.
May 12 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28183]: pam_unix(cron:session): session closed for user root
May 12 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session closed for user samftp
May 12 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29961]: pam_unix(cron:session): session closed for user root
May 12 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Invalid user tony from 110.49.76.244
May 12 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: input_userauth_request: invalid user tony [preauth]
May 12 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Failed password for invalid user tony from 110.49.76.244 port 35056 ssh2
May 12 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Received disconnect from 110.49.76.244 port 35056:11: Bye Bye [preauth]
May 12 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Disconnected from 110.49.76.244 port 35056 [preauth]
May 12 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31294]: pam_unix(cron:session): session closed for user p13x
May 12 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: Successful su for rubyman by root
May 12 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: + ??? root:rubyman
May 12 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377375 of user rubyman.
May 12 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: pam_unix(su:session): session closed for user rubyman
May 12 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377375.
May 12 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28622]: pam_unix(cron:session): session closed for user root
May 12 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31295]: pam_unix(cron:session): session closed for user samftp
May 12 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30362]: pam_unix(cron:session): session closed for user root
May 12 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session closed for user p13x
May 12 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31785]: Successful su for rubyman by root
May 12 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31785]: + ??? root:rubyman
May 12 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377379 of user rubyman.
May 12 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31785]: pam_unix(su:session): session closed for user rubyman
May 12 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377379.
May 12 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29125]: pam_unix(cron:session): session closed for user root
May 12 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31722]: pam_unix(cron:session): session closed for user samftp
May 12 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.39.1.158  user=root
May 12 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Failed password for root from 110.39.1.158 port 30709 ssh2
May 12 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session closed for user root
May 12 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Connection closed by 110.39.1.158 port 30709 [preauth]
May 12 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32436]: pam_unix(cron:session): session closed for user p13x
May 12 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: Successful su for rubyman by root
May 12 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: + ??? root:rubyman
May 12 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377382 of user rubyman.
May 12 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: pam_unix(su:session): session closed for user rubyman
May 12 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377382.
May 12 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session closed for user root
May 12 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32437]: pam_unix(cron:session): session closed for user samftp
May 12 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session closed for user root
May 12 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Failed password for root from 218.92.0.179 port 51635 ssh2
May 12 06:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 51635 ssh2]
May 12 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Received disconnect from 218.92.0.179 port 51635:11:  [preauth]
May 12 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Disconnected from 218.92.0.179 port 51635 [preauth]
May 12 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: Bad protocol version identification '\026\003\001' from 3.143.250.164 port 38094
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[568]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[569]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[567]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[570]: pam_unix(cron:session): session closed for user root
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[565]: pam_unix(cron:session): session closed for user p13x
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[644]: Successful su for rubyman by root
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[644]: + ??? root:rubyman
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377391 of user rubyman.
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[644]: pam_unix(su:session): session closed for user rubyman
May 12 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377391.
May 12 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[567]: pam_unix(cron:session): session closed for user root
May 12 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29960]: pam_unix(cron:session): session closed for user root
May 12 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[566]: pam_unix(cron:session): session closed for user samftp
May 12 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user root
May 12 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 218.92.0.179 port 58638 ssh2
May 12 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 218.92.0.179 port 58638 ssh2
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1080]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1081]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session closed for user p13x
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: Successful su for rubyman by root
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: + ??? root:rubyman
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377392 of user rubyman.
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: pam_unix(su:session): session closed for user rubyman
May 12 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377392.
May 12 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 218.92.0.179 port 58638 ssh2
May 12 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Received disconnect from 218.92.0.179 port 58638:11:  [preauth]
May 12 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Disconnected from 218.92.0.179 port 58638 [preauth]
May 12 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30361]: pam_unix(cron:session): session closed for user root
May 12 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session closed for user samftp
May 12 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: Invalid user intel from 36.71.66.248
May 12 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: input_userauth_request: invalid user intel [preauth]
May 12 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.71.66.248
May 12 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: Failed password for invalid user intel from 36.71.66.248 port 46230 ssh2
May 12 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: Received disconnect from 36.71.66.248 port 46230:11: Bye Bye [preauth]
May 12 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: Disconnected from 36.71.66.248 port 46230 [preauth]
May 12 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32439]: pam_unix(cron:session): session closed for user root
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session closed for user p13x
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1639]: Successful su for rubyman by root
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1639]: + ??? root:rubyman
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377397 of user rubyman.
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1639]: pam_unix(su:session): session closed for user rubyman
May 12 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377397.
May 12 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session closed for user root
May 12 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session closed for user samftp
May 12 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[569]: pam_unix(cron:session): session closed for user root
May 12 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session closed for user p13x
May 12 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2172]: Successful su for rubyman by root
May 12 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2172]: + ??? root:rubyman
May 12 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377400 of user rubyman.
May 12 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2172]: pam_unix(su:session): session closed for user rubyman
May 12 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377400.
May 12 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31297]: pam_unix(cron:session): session closed for user root
May 12 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2105]: pam_unix(cron:session): session closed for user samftp
May 12 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1081]: pam_unix(cron:session): session closed for user root
May 12 06:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Invalid user autrede from 110.49.76.244
May 12 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: input_userauth_request: invalid user autrede [preauth]
May 12 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 06:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Failed password for invalid user autrede from 110.49.76.244 port 42130 ssh2
May 12 06:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Received disconnect from 110.49.76.244 port 42130:11: Bye Bye [preauth]
May 12 06:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Disconnected from 110.49.76.244 port 42130 [preauth]
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session closed for user p13x
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: Successful su for rubyman by root
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: + ??? root:rubyman
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377404 of user rubyman.
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: pam_unix(su:session): session closed for user rubyman
May 12 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377404.
May 12 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session closed for user root
May 12 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session closed for user samftp
May 12 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session closed for user root
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user root
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user p13x
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: Successful su for rubyman by root
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: + ??? root:rubyman
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377413 of user rubyman.
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: pam_unix(su:session): session closed for user rubyman
May 12 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377413.
May 12 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user root
May 12 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32438]: pam_unix(cron:session): session closed for user root
May 12 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user samftp
May 12 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Failed password for root from 218.92.0.179 port 26771 ssh2
May 12 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 26771 ssh2]
May 12 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user root
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3447]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3443]: pam_unix(cron:session): session closed for user p13x
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3514]: Successful su for rubyman by root
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3514]: + ??? root:rubyman
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377414 of user rubyman.
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3514]: pam_unix(su:session): session closed for user rubyman
May 12 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377414.
May 12 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[568]: pam_unix(cron:session): session closed for user root
May 12 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Invalid user admin from 80.94.95.125
May 12 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: input_userauth_request: invalid user admin [preauth]
May 12 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3445]: pam_unix(cron:session): session closed for user samftp
May 12 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Failed password for invalid user admin from 80.94.95.125 port 62519 ssh2
May 12 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Received disconnect from 80.94.95.125 port 62519:11: Bye [preauth]
May 12 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Disconnected from 80.94.95.125 port 62519 [preauth]
May 12 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session closed for user root
May 12 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3884]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3885]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3882]: pam_unix(cron:session): session closed for user p13x
May 12 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: Successful su for rubyman by root
May 12 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: + ??? root:rubyman
May 12 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377420 of user rubyman.
May 12 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: pam_unix(su:session): session closed for user rubyman
May 12 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377420.
May 12 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1080]: pam_unix(cron:session): session closed for user root
May 12 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3883]: pam_unix(cron:session): session closed for user samftp
May 12 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Invalid user ftpuser from 36.71.66.248
May 12 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: input_userauth_request: invalid user ftpuser [preauth]
May 12 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: pam_unix(sshd:auth): check pass; user unknown
May 12 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.71.66.248
May 12 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Failed password for invalid user ftpuser from 36.71.66.248 port 57144 ssh2
May 12 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Received disconnect from 36.71.66.248 port 57144:11: Bye Bye [preauth]
May 12 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Disconnected from 36.71.66.248 port 57144 [preauth]
May 12 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4469]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session closed for user p13x
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4543]: Successful su for rubyman by root
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4543]: + ??? root:rubyman
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377422 of user rubyman.
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4543]: pam_unix(su:session): session closed for user rubyman
May 12 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377422.
May 12 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session closed for user root
May 12 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session closed for user samftp
May 12 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3447]: pam_unix(cron:session): session closed for user root
May 12 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Connection reset by 111.43.41.40 port 38927 [preauth]
May 12 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Connection reset by 111.43.41.40 port 39010 [preauth]
May 12 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Connection reset by 111.43.41.40 port 39088 [preauth]
May 12 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Connection reset by 111.43.41.40 port 39167 [preauth]
May 12 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Connection reset by 111.43.41.40 port 39240 [preauth]
May 12 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: Connection reset by 111.43.41.40 port 39303 [preauth]
May 12 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Connection reset by 111.43.41.40 port 39367 [preauth]
May 12 06:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Connection reset by 111.43.41.40 port 39442 [preauth]
May 12 06:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4902]: Connection reset by 111.43.41.40 port 39517 [preauth]
May 12 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: Connection reset by 111.43.41.40 port 39595 [preauth]
May 12 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: Connection reset by 111.43.41.40 port 39663 [preauth]
May 12 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Connection reset by 111.43.41.40 port 39723 [preauth]
May 12 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Connection reset by 111.43.41.40 port 39791 [preauth]
May 12 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Connection reset by 111.43.41.40 port 39855 [preauth]
May 12 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: Connection reset by 111.43.41.40 port 39923 [preauth]
May 12 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4930]: Connection reset by 111.43.41.40 port 40000 [preauth]
May 12 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4933]: Connection reset by 111.43.41.40 port 40060 [preauth]
May 12 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Connection reset by 111.43.41.40 port 40125 [preauth]
May 12 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection reset by 111.43.41.40 port 40193 [preauth]
May 12 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4941]: Connection reset by 111.43.41.40 port 40277 [preauth]
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4945]: Connection reset by 111.43.41.40 port 40346 [preauth]
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Connection reset by 111.43.41.40 port 40402 [preauth]
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4954]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4953]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4951]: pam_unix(cron:session): session closed for user p13x
May 12 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Connection reset by 111.43.41.40 port 40482 [preauth]
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5198]: Successful su for rubyman by root
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5198]: + ??? root:rubyman
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377426 of user rubyman.
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5198]: pam_unix(su:session): session closed for user rubyman
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377426.
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Connection reset by 111.43.41.40 port 40555 [preauth]
May 12 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: Connection reset by 111.43.41.40 port 40627 [preauth]
May 12 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection reset by 111.43.41.40 port 40700 [preauth]
May 12 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Connection reset by 111.43.41.40 port 40764 [preauth]
May 12 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Connection reset by 111.43.41.40 port 40834 [preauth]
May 12 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session closed for user root
May 12 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: Connection reset by 111.43.41.40 port 40905 [preauth]
May 12 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Connection reset by 111.43.41.40 port 40977 [preauth]
May 12 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Connection reset by 111.43.41.40 port 41056 [preauth]
May 12 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5399]: Connection reset by 111.43.41.40 port 41119 [preauth]
May 12 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Connection reset by 111.43.41.40 port 41194 [preauth]
May 12 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4952]: pam_unix(cron:session): session closed for user samftp
May 12 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: Connection reset by 111.43.41.40 port 41265 [preauth]
May 12 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5418]: Connection reset by 111.43.41.40 port 41331 [preauth]
May 12 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Connection reset by 111.43.41.40 port 41396 [preauth]
May 12 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Connection reset by 111.43.41.40 port 41466 [preauth]
May 12 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Connection reset by 111.43.41.40 port 41542 [preauth]
May 12 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: Connection reset by 111.43.41.40 port 41621 [preauth]
May 12 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: Connection reset by 111.43.41.40 port 41687 [preauth]
May 12 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5443]: Connection reset by 111.43.41.40 port 41759 [preauth]
May 12 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Connection reset by 111.43.41.40 port 41828 [preauth]
May 12 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Connection reset by 111.43.41.40 port 41897 [preauth]
May 12 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Connection reset by 111.43.41.40 port 41970 [preauth]
May 12 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Connection reset by 111.43.41.40 port 42039 [preauth]
May 12 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: Connection reset by 111.43.41.40 port 42100 [preauth]
May 12 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Connection reset by 111.43.41.40 port 42190 [preauth]
May 12 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Connection reset by 111.43.41.40 port 42259 [preauth]
May 12 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Connection reset by 111.43.41.40 port 42326 [preauth]
May 12 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Connection reset by 111.43.41.40 port 42396 [preauth]
May 12 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Connection reset by 111.43.41.40 port 42465 [preauth]
May 12 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Connection reset by 111.43.41.40 port 42519 [preauth]
May 12 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Connection reset by 111.43.41.40 port 42594 [preauth]
May 12 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Connection reset by 111.43.41.40 port 42675 [preauth]
May 12 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Connection reset by 111.43.41.40 port 42762 [preauth]
May 12 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Connection reset by 111.43.41.40 port 42847 [preauth]
May 12 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5511]: Connection reset by 111.43.41.40 port 42917 [preauth]
May 12 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Connection reset by 111.43.41.40 port 42982 [preauth]
May 12 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Connection reset by 111.43.41.40 port 43059 [preauth]
May 12 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Connection reset by 111.43.41.40 port 43125 [preauth]
May 12 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Connection reset by 111.43.41.40 port 43208 [preauth]
May 12 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Connection reset by 111.43.41.40 port 43302 [preauth]
May 12 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5525]: Connection reset by 111.43.41.40 port 43374 [preauth]
May 12 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Connection reset by 111.43.41.40 port 43459 [preauth]
May 12 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Connection reset by 111.43.41.40 port 43530 [preauth]
May 12 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: Connection reset by 111.43.41.40 port 43612 [preauth]
May 12 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Connection reset by 111.43.41.40 port 43696 [preauth]
May 12 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Connection reset by 111.43.41.40 port 43768 [preauth]
May 12 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Connection reset by 111.43.41.40 port 43842 [preauth]
May 12 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Connection reset by 111.43.41.40 port 43920 [preauth]
May 12 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Connection reset by 111.43.41.40 port 44009 [preauth]
May 12 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Connection reset by 111.43.41.40 port 44086 [preauth]
May 12 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Connection reset by 111.43.41.40 port 44160 [preauth]
May 12 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Connection reset by 111.43.41.40 port 44234 [preauth]
May 12 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Connection reset by 111.43.41.40 port 44311 [preauth]
May 12 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Connection reset by 111.43.41.40 port 44387 [preauth]
May 12 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Connection reset by 111.43.41.40 port 44477 [preauth]
May 12 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: Connection reset by 111.43.41.40 port 44554 [preauth]
May 12 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Connection reset by 111.43.41.40 port 44631 [preauth]
May 12 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Connection reset by 111.43.41.40 port 44716 [preauth]
May 12 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Connection reset by 111.43.41.40 port 44796 [preauth]
May 12 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Connection reset by 111.43.41.40 port 44874 [preauth]
May 12 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Connection reset by 111.43.41.40 port 44981 [preauth]
May 12 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Connection reset by 111.43.41.40 port 45063 [preauth]
May 12 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Connection reset by 111.43.41.40 port 45151 [preauth]
May 12 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5655]: Connection reset by 111.43.41.40 port 45231 [preauth]
May 12 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: Connection reset by 111.43.41.40 port 45307 [preauth]
May 12 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Connection reset by 111.43.41.40 port 45384 [preauth]
May 12 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Connection reset by 111.43.41.40 port 45464 [preauth]
May 12 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: Connection reset by 111.43.41.40 port 45533 [preauth]
May 12 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Connection reset by 111.43.41.40 port 45602 [preauth]
May 12 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Connection reset by 111.43.41.40 port 45675 [preauth]
May 12 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Connection reset by 111.43.41.40 port 45754 [preauth]
May 12 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: Connection reset by 111.43.41.40 port 45824 [preauth]
May 12 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: Connection reset by 111.43.41.40 port 45897 [preauth]
May 12 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3885]: pam_unix(cron:session): session closed for user root
May 12 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5706]: Connection reset by 111.43.41.40 port 45966 [preauth]
May 12 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Connection reset by 111.43.41.40 port 46041 [preauth]
May 12 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Connection reset by 111.43.41.40 port 46099 [preauth]
May 12 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection reset by 111.43.41.40 port 46167 [preauth]
May 12 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Connection reset by 111.43.41.40 port 46232 [preauth]
May 12 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Connection reset by 111.43.41.40 port 46306 [preauth]
May 12 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Connection reset by 111.43.41.40 port 46375 [preauth]
May 12 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: Connection reset by 111.43.41.40 port 46446 [preauth]
May 12 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Connection reset by 111.43.41.40 port 46518 [preauth]
May 12 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Connection reset by 111.43.41.40 port 46580 [preauth]
May 12 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5740]: Connection reset by 111.43.41.40 port 46655 [preauth]
May 12 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Connection reset by 111.43.41.40 port 46725 [preauth]
May 12 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Connection reset by 111.43.41.40 port 46796 [preauth]
May 12 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Connection reset by 111.43.41.40 port 46932 [preauth]
May 12 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Connection reset by 111.43.41.40 port 47011 [preauth]
May 12 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Connection reset by 111.43.41.40 port 47094 [preauth]
May 12 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Connection reset by 111.43.41.40 port 47165 [preauth]
May 12 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Connection reset by 111.43.41.40 port 47224 [preauth]
May 12 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Connection reset by 111.43.41.40 port 47285 [preauth]
May 12 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection reset by 111.43.41.40 port 47348 [preauth]
May 12 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Connection reset by 111.43.41.40 port 47417 [preauth]
May 12 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Connection reset by 111.43.41.40 port 47501 [preauth]
May 12 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Connection reset by 111.43.41.40 port 47568 [preauth]
May 12 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Connection reset by 111.43.41.40 port 47629 [preauth]
May 12 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Connection reset by 111.43.41.40 port 47691 [preauth]
May 12 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Connection reset by 111.43.41.40 port 47760 [preauth]
May 12 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: Connection reset by 111.43.41.40 port 47830 [preauth]
May 12 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Connection reset by 111.43.41.40 port 47901 [preauth]
May 12 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: Connection reset by 111.43.41.40 port 48046 [preauth]
May 12 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: Connection reset by 111.43.41.40 port 48169 [preauth]
May 12 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Connection reset by 111.43.41.40 port 48241 [preauth]
May 12 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Connection reset by 111.43.41.40 port 48315 [preauth]
May 12 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Connection reset by 111.43.41.40 port 48396 [preauth]
May 12 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Connection reset by 111.43.41.40 port 48470 [preauth]
May 12 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Connection reset by 111.43.41.40 port 48539 [preauth]
May 12 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5915]: Connection reset by 111.43.41.40 port 48601 [preauth]
May 12 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Connection reset by 111.43.41.40 port 48682 [preauth]
May 12 06:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Connection reset by 111.43.41.40 port 48807 [preauth]
May 12 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Connection reset by 111.43.41.40 port 48869 [preauth]
May 12 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Connection reset by 111.43.41.40 port 48940 [preauth]
May 12 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Connection reset by 111.43.41.40 port 49016 [preauth]
May 12 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Connection reset by 111.43.41.40 port 49089 [preauth]
May 12 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Connection reset by 111.43.41.40 port 49157 [preauth]
May 12 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Connection reset by 111.43.41.40 port 49224 [preauth]
May 12 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Connection reset by 111.43.41.40 port 49289 [preauth]
May 12 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Connection reset by 111.43.41.40 port 49356 [preauth]
May 12 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection reset by 111.43.41.40 port 49425 [preauth]
May 12 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection reset by 111.43.41.40 port 49494 [preauth]
May 12 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Connection reset by 111.43.41.40 port 49582 [preauth]
May 12 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Connection reset by 111.43.41.40 port 49642 [preauth]
May 12 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5958]: Connection reset by 111.43.41.40 port 49713 [preauth]
May 12 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Connection reset by 111.43.41.40 port 49778 [preauth]
May 12 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: Connection reset by 111.43.41.40 port 49917 [preauth]
May 12 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Connection reset by 111.43.41.40 port 49992 [preauth]
May 12 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Connection reset by 111.43.41.40 port 50075 [preauth]
May 12 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Connection reset by 111.43.41.40 port 50154 [preauth]
May 12 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Connection reset by 111.43.41.40 port 50213 [preauth]
May 12 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Connection reset by 111.43.41.40 port 50296 [preauth]
May 12 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Connection reset by 111.43.41.40 port 50372 [preauth]
May 12 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Connection reset by 111.43.41.40 port 50448 [preauth]
May 12 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6005]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user root
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6005]: pam_unix(cron:session): session closed for user root
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user p13x
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Connection reset by 111.43.41.40 port 50518 [preauth]
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection reset by 111.43.41.40 port 50579 [preauth]
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6113]: Successful su for rubyman by root
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6113]: + ??? root:rubyman
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377433 of user rubyman.
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6113]: pam_unix(su:session): session closed for user rubyman
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377433.
May 12 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Connection reset by 111.43.41.40 port 50653 [preauth]
May 12 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Connection reset by 111.43.41.40 port 50738 [preauth]
May 12 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Connection reset by 111.43.41.40 port 50853 [preauth]
May 12 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user root
May 12 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Connection reset by 111.43.41.40 port 50915 [preauth]
May 12 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Connection reset by 111.43.41.40 port 50984 [preauth]
May 12 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user root
May 12 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: Connection reset by 111.43.41.40 port 51049 [preauth]
May 12 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection reset by 111.43.41.40 port 51116 [preauth]
May 12 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Connection reset by 111.43.41.40 port 51195 [preauth]
May 12 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6332]: Connection reset by 111.43.41.40 port 51281 [preauth]
May 12 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Connection reset by 111.43.41.40 port 51354 [preauth]
May 12 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Connection reset by 111.43.41.40 port 51429 [preauth]
May 12 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user samftp
May 12 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Connection reset by 111.43.41.40 port 51497 [preauth]
May 12 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: Connection reset by 111.43.41.40 port 51570 [preauth]
May 12 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Connection reset by 111.43.41.40 port 51651 [preauth]
May 12 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection reset by 111.43.41.40 port 51721 [preauth]
May 12 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Connection reset by 111.43.41.40 port 51802 [preauth]
May 12 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Connection reset by 111.43.41.40 port 51866 [preauth]
May 12 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Connection reset by 111.43.41.40 port 51944 [preauth]
May 12 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Connection reset by 111.43.41.40 port 52007 [preauth]
May 12 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Connection reset by 111.43.41.40 port 52079 [preauth]
May 12 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Connection reset by 111.43.41.40 port 52144 [preauth]
May 12 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Connection reset by 111.43.41.40 port 52205 [preauth]
May 12 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Connection reset by 111.43.41.40 port 52265 [preauth]
May 12 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Connection reset by 111.43.41.40 port 52337 [preauth]
May 12 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Connection reset by 111.43.41.40 port 52419 [preauth]
May 12 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Connection reset by 111.43.41.40 port 52478 [preauth]
May 12 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Connection reset by 111.43.41.40 port 52551 [preauth]
May 12 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Connection reset by 111.43.41.40 port 52618 [preauth]
May 12 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Connection reset by 111.43.41.40 port 52696 [preauth]
May 12 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Connection reset by 111.43.41.40 port 52757 [preauth]
May 12 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6429]: Connection reset by 111.43.41.40 port 52834 [preauth]
May 12 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Connection reset by 111.43.41.40 port 52913 [preauth]
May 12 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Connection reset by 111.43.41.40 port 52989 [preauth]
May 12 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Connection reset by 111.43.41.40 port 53057 [preauth]
May 12 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Connection reset by 111.43.41.40 port 53118 [preauth]
May 12 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: Connection reset by 111.43.41.40 port 53181 [preauth]
May 12 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Connection reset by 111.43.41.40 port 53248 [preauth]
May 12 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Connection reset by 111.43.41.40 port 53318 [preauth]
May 12 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: Connection reset by 111.43.41.40 port 53408 [preauth]
May 12 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Connection reset by 111.43.41.40 port 53477 [preauth]
May 12 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Connection reset by 111.43.41.40 port 53554 [preauth]
May 12 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection reset by 111.43.41.40 port 53622 [preauth]
May 12 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Connection reset by 111.43.41.40 port 53697 [preauth]
May 12 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: Connection reset by 111.43.41.40 port 53779 [preauth]
May 12 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Connection reset by 111.43.41.40 port 53840 [preauth]
May 12 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Connection reset by 111.43.41.40 port 53906 [preauth]
May 12 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Connection reset by 111.43.41.40 port 53975 [preauth]
May 12 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Connection reset by 111.43.41.40 port 54049 [preauth]
May 12 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6479]: Connection reset by 111.43.41.40 port 54116 [preauth]
May 12 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Connection reset by 111.43.41.40 port 54188 [preauth]
May 12 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: Connection reset by 111.43.41.40 port 54266 [preauth]
May 12 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Connection reset by 111.43.41.40 port 54337 [preauth]
May 12 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Connection reset by 111.43.41.40 port 54413 [preauth]
May 12 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Connection reset by 111.43.41.40 port 54484 [preauth]
May 12 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: Connection reset by 111.43.41.40 port 54562 [preauth]
May 12 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Connection reset by 111.43.41.40 port 54632 [preauth]
May 12 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: Connection reset by 111.43.41.40 port 54714 [preauth]
May 12 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: Connection reset by 111.43.41.40 port 54779 [preauth]
May 12 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Connection reset by 111.43.41.40 port 54841 [preauth]
May 12 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Connection reset by 111.43.41.40 port 54917 [preauth]
May 12 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Connection reset by 111.43.41.40 port 54995 [preauth]
May 12 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Connection reset by 111.43.41.40 port 55075 [preauth]
May 12 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: Connection reset by 111.43.41.40 port 55141 [preauth]
May 12 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Connection reset by 111.43.41.40 port 55225 [preauth]
May 12 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: Connection reset by 111.43.41.40 port 55315 [preauth]
May 12 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Connection reset by 111.43.41.40 port 55384 [preauth]
May 12 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Connection reset by 111.43.41.40 port 55452 [preauth]
May 12 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Connection reset by 111.43.41.40 port 55514 [preauth]
May 12 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4469]: pam_unix(cron:session): session closed for user root
May 12 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: Connection reset by 111.43.41.40 port 55592 [preauth]
May 12 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Connection reset by 111.43.41.40 port 55663 [preauth]
May 12 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: Connection reset by 111.43.41.40 port 55731 [preauth]
May 12 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6601]: Connection reset by 111.43.41.40 port 55798 [preauth]
May 12 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: Connection reset by 111.43.41.40 port 55875 [preauth]
May 12 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: Connection reset by 111.43.41.40 port 55948 [preauth]
May 12 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: Connection reset by 111.43.41.40 port 56018 [preauth]
May 12 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: Connection reset by 111.43.41.40 port 56083 [preauth]
May 12 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6629]: Connection reset by 111.43.41.40 port 56157 [preauth]
May 12 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: Connection reset by 111.43.41.40 port 56228 [preauth]
May 12 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6634]: Connection reset by 111.43.41.40 port 56304 [preauth]
May 12 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Connection reset by 111.43.41.40 port 56367 [preauth]
May 12 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Connection reset by 111.43.41.40 port 56437 [preauth]
May 12 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Connection reset by 111.43.41.40 port 56507 [preauth]
May 12 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Connection reset by 111.43.41.40 port 56589 [preauth]
May 12 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6646]: Connection reset by 111.43.41.40 port 56666 [preauth]
May 12 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6650]: Connection reset by 111.43.41.40 port 56772 [preauth]
May 12 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6652]: Connection reset by 111.43.41.40 port 56835 [preauth]
May 12 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: Connection reset by 111.43.41.40 port 56910 [preauth]
May 12 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: Connection reset by 111.43.41.40 port 56983 [preauth]
May 12 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Connection reset by 111.43.41.40 port 57054 [preauth]
May 12 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Connection reset by 111.43.41.40 port 57123 [preauth]
May 12 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6674]: Connection reset by 111.43.41.40 port 57182 [preauth]
May 12 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Connection reset by 111.43.41.40 port 57260 [preauth]
May 12 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Connection reset by 111.43.41.40 port 57324 [preauth]
May 12 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: Connection reset by 111.43.41.40 port 57385 [preauth]
May 12 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Connection reset by 111.43.41.40 port 57457 [preauth]
May 12 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Connection reset by 111.43.41.40 port 57523 [preauth]
May 12 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: Connection reset by 111.43.41.40 port 57580 [preauth]
May 12 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Connection reset by 111.43.41.40 port 57652 [preauth]
May 12 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6706]: Connection reset by 111.43.41.40 port 57716 [preauth]
May 12 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Connection reset by 111.43.41.40 port 57785 [preauth]
May 12 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Connection reset by 111.43.41.40 port 57859 [preauth]
May 12 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Connection reset by 111.43.41.40 port 57926 [preauth]
May 12 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Connection reset by 111.43.41.40 port 57989 [preauth]
May 12 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Connection reset by 111.43.41.40 port 58049 [preauth]
May 12 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6728]: Connection reset by 111.43.41.40 port 58111 [preauth]
May 12 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: Connection reset by 111.43.41.40 port 58179 [preauth]
May 12 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Connection reset by 111.43.41.40 port 58247 [preauth]
May 12 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Connection reset by 111.43.41.40 port 58384 [preauth]
May 12 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: Connection reset by 111.43.41.40 port 58455 [preauth]
May 12 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Connection reset by 111.43.41.40 port 58525 [preauth]
May 12 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Connection reset by 111.43.41.40 port 58599 [preauth]
May 12 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Connection reset by 111.43.41.40 port 58662 [preauth]
May 12 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Connection reset by 111.43.41.40 port 58718 [preauth]
May 12 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Connection reset by 111.43.41.40 port 58782 [preauth]
May 12 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Connection reset by 111.43.41.40 port 58851 [preauth]
May 12 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Connection reset by 111.43.41.40 port 58914 [preauth]
May 12 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: Connection reset by 111.43.41.40 port 58989 [preauth]
May 12 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Connection reset by 111.43.41.40 port 59052 [preauth]
May 12 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Connection reset by 111.43.41.40 port 59120 [preauth]
May 12 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Connection reset by 111.43.41.40 port 59179 [preauth]
May 12 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6778]: Connection reset by 111.43.41.40 port 59238 [preauth]
May 12 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6780]: Connection reset by 111.43.41.40 port 59296 [preauth]
May 12 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Connection reset by 111.43.41.40 port 59369 [preauth]
May 12 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Connection reset by 111.43.41.40 port 59448 [preauth]
May 12 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Connection reset by 111.43.41.40 port 59505 [preauth]
May 12 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Connection reset by 111.43.41.40 port 59568 [preauth]
May 12 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Connection reset by 111.43.41.40 port 59630 [preauth]
May 12 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Connection reset by 111.43.41.40 port 59697 [preauth]
May 12 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Connection reset by 111.43.41.40 port 59770 [preauth]
May 12 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Connection reset by 111.43.41.40 port 59850 [preauth]
May 12 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Connection reset by 111.43.41.40 port 59917 [preauth]
May 12 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Connection reset by 111.43.41.40 port 59980 [preauth]
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Connection reset by 111.43.41.40 port 60074 [preauth]
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session closed for user p13x
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection reset by 111.43.41.40 port 60158 [preauth]
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6892]: Successful su for rubyman by root
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6892]: + ??? root:rubyman
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377437 of user rubyman.
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6892]: pam_unix(su:session): session closed for user rubyman
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377437.
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Connection reset by 111.43.41.40 port 60226 [preauth]
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Connection reset by 111.43.41.40 port 60283 [preauth]
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Invalid user zhangsan from 110.49.76.244
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: input_userauth_request: invalid user zhangsan [preauth]
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Connection reset by 111.43.41.40 port 60350 [preauth]
May 12 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: Connection reset by 111.43.41.40 port 60503 [preauth]
May 12 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: Connection reset by 111.43.41.40 port 60574 [preauth]
May 12 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Connection reset by 111.43.41.40 port 60639 [preauth]
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for invalid user zhangsan from 110.49.76.244 port 49208 ssh2
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user root
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Received disconnect from 110.49.76.244 port 49208:11: Bye Bye [preauth]
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Disconnected from 110.49.76.244 port 49208 [preauth]
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Connection reset by 111.43.41.40 port 60703 [preauth]
May 12 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Connection reset by 111.43.41.40 port 60767 [preauth]
May 12 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Connection reset by 111.43.41.40 port 60836 [preauth]
May 12 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Connection reset by 111.43.41.40 port 60899 [preauth]
May 12 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session closed for user samftp
May 12 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Connection reset by 111.43.41.40 port 60969 [preauth]
May 12 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Connection reset by 111.43.41.40 port 32800 [preauth]
May 12 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Connection reset by 111.43.41.40 port 32862 [preauth]
May 12 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Connection reset by 111.43.41.40 port 32923 [preauth]
May 12 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: Connection reset by 111.43.41.40 port 32986 [preauth]
May 12 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Connection reset by 111.43.41.40 port 33128 [preauth]
May 12 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Connection reset by 111.43.41.40 port 33203 [preauth]
May 12 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Connection reset by 111.43.41.40 port 33277 [preauth]
May 12 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: Connection reset by 111.43.41.40 port 33340 [preauth]
May 12 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Connection reset by 111.43.41.40 port 33415 [preauth]
May 12 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: Connection reset by 111.43.41.40 port 33487 [preauth]
May 12 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Connection reset by 111.43.41.40 port 33555 [preauth]
May 12 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Connection reset by 111.43.41.40 port 33621 [preauth]
May 12 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: Connection reset by 111.43.41.40 port 33689 [preauth]
May 12 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: Connection reset by 111.43.41.40 port 33764 [preauth]
May 12 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Connection reset by 111.43.41.40 port 33837 [preauth]
May 12 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Connection reset by 111.43.41.40 port 33912 [preauth]
May 12 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Connection reset by 111.43.41.40 port 33984 [preauth]
May 12 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Connection reset by 111.43.41.40 port 34055 [preauth]
May 12 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: Connection reset by 111.43.41.40 port 34138 [preauth]
May 12 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Connection reset by 111.43.41.40 port 34216 [preauth]
May 12 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Connection reset by 111.43.41.40 port 34291 [preauth]
May 12 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Connection reset by 111.43.41.40 port 34374 [preauth]
May 12 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Connection reset by 111.43.41.40 port 34452 [preauth]
May 12 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Connection reset by 111.43.41.40 port 34515 [preauth]
May 12 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Connection reset by 111.43.41.40 port 34593 [preauth]
May 12 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Connection reset by 111.43.41.40 port 34661 [preauth]
May 12 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: Connection reset by 111.43.41.40 port 34726 [preauth]
May 12 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Connection reset by 111.43.41.40 port 34804 [preauth]
May 12 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Connection reset by 111.43.41.40 port 34882 [preauth]
May 12 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7327]: Connection reset by 111.43.41.40 port 34966 [preauth]
May 12 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Connection reset by 111.43.41.40 port 35027 [preauth]
May 12 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: Connection reset by 111.43.41.40 port 35110 [preauth]
May 12 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Connection reset by 111.43.41.40 port 35189 [preauth]
May 12 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Connection reset by 111.43.41.40 port 35273 [preauth]
May 12 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Connection reset by 111.43.41.40 port 35343 [preauth]
May 12 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Connection reset by 111.43.41.40 port 35413 [preauth]
May 12 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: Connection reset by 111.43.41.40 port 35480 [preauth]
May 12 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Connection reset by 111.43.41.40 port 35554 [preauth]
May 12 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: Connection reset by 111.43.41.40 port 35624 [preauth]
May 12 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Connection reset by 111.43.41.40 port 35688 [preauth]
May 12 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Connection reset by 111.43.41.40 port 35738 [preauth]
May 12 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Connection reset by 111.43.41.40 port 35801 [preauth]
May 12 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Connection reset by 111.43.41.40 port 35864 [preauth]
May 12 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7376]: Connection reset by 111.43.41.40 port 35929 [preauth]
May 12 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Connection reset by 111.43.41.40 port 35999 [preauth]
May 12 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Connection reset by 111.43.41.40 port 36070 [preauth]
May 12 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7382]: Connection reset by 111.43.41.40 port 36129 [preauth]
May 12 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Connection reset by 111.43.41.40 port 36197 [preauth]
May 12 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Connection reset by 111.43.41.40 port 36255 [preauth]
May 12 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Connection reset by 111.43.41.40 port 36315 [preauth]
May 12 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: Connection reset by 111.43.41.40 port 36392 [preauth]
May 12 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Connection reset by 111.43.41.40 port 36459 [preauth]
May 12 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Connection reset by 111.43.41.40 port 36543 [preauth]
May 12 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: Connection reset by 111.43.41.40 port 36600 [preauth]
May 12 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Connection reset by 111.43.41.40 port 36673 [preauth]
May 12 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Connection reset by 111.43.41.40 port 36752 [preauth]
May 12 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Connection reset by 111.43.41.40 port 36822 [preauth]
May 12 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Connection reset by 111.43.41.40 port 36879 [preauth]
May 12 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Connection reset by 111.43.41.40 port 36950 [preauth]
May 12 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4954]: pam_unix(cron:session): session closed for user root
May 12 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Connection reset by 111.43.41.40 port 37014 [preauth]
May 12 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Connection reset by 111.43.41.40 port 37089 [preauth]
May 12 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Connection reset by 111.43.41.40 port 37158 [preauth]
May 12 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Connection reset by 111.43.41.40 port 37220 [preauth]
May 12 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection reset by 111.43.41.40 port 37289 [preauth]
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Connection reset by 111.43.41.40 port 37356 [preauth]
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Invalid user lighthouse from 190.103.202.7
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: input_userauth_request: invalid user lighthouse [preauth]
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: Connection reset by 111.43.41.40 port 37428 [preauth]
May 12 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7466]: Connection reset by 111.43.41.40 port 37491 [preauth]
May 12 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Connection reset by 111.43.41.40 port 37575 [preauth]
May 12 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection reset by 111.43.41.40 port 37649 [preauth]
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection reset by 111.43.41.40 port 37717 [preauth]
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Failed password for invalid user lighthouse from 190.103.202.7 port 47144 ssh2
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Connection closed by 190.103.202.7 port 47144 [preauth]
May 12 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Connection reset by 111.43.41.40 port 37784 [preauth]
May 12 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Connection reset by 111.43.41.40 port 37846 [preauth]
May 12 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Connection reset by 111.43.41.40 port 37925 [preauth]
May 12 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Connection reset by 111.43.41.40 port 37997 [preauth]
May 12 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Connection reset by 111.43.41.40 port 38077 [preauth]
May 12 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7590]: Connection reset by 111.43.41.40 port 38155 [preauth]
May 12 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: Connection reset by 111.43.41.40 port 38215 [preauth]
May 12 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: Connection reset by 111.43.41.40 port 38295 [preauth]
May 12 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7599]: Connection reset by 111.43.41.40 port 38381 [preauth]
May 12 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7601]: Connection reset by 111.43.41.40 port 38452 [preauth]
May 12 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Connection reset by 111.43.41.40 port 38517 [preauth]
May 12 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7605]: Connection reset by 111.43.41.40 port 38577 [preauth]
May 12 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7613]: Connection reset by 111.43.41.40 port 38627 [preauth]
May 12 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: Connection reset by 111.43.41.40 port 38699 [preauth]
May 12 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7617]: Connection reset by 111.43.41.40 port 38772 [preauth]
May 12 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: Connection reset by 111.43.41.40 port 38823 [preauth]
May 12 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: Connection reset by 111.43.41.40 port 38878 [preauth]
May 12 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7645]: Connection reset by 111.43.41.40 port 38935 [preauth]
May 12 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: Connection reset by 111.43.41.40 port 39007 [preauth]
May 12 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: Connection reset by 111.43.41.40 port 39070 [preauth]
May 12 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: Connection reset by 111.43.41.40 port 39123 [preauth]
May 12 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7657]: Connection reset by 111.43.41.40 port 39184 [preauth]
May 12 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Connection reset by 111.43.41.40 port 39238 [preauth]
May 12 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Connection reset by 111.43.41.40 port 39293 [preauth]
May 12 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Connection reset by 111.43.41.40 port 39341 [preauth]
May 12 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7666]: Connection reset by 111.43.41.40 port 39403 [preauth]
May 12 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Connection reset by 111.43.41.40 port 39470 [preauth]
May 12 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Connection reset by 111.43.41.40 port 39540 [preauth]
May 12 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Connection reset by 111.43.41.40 port 39601 [preauth]
May 12 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: Connection reset by 111.43.41.40 port 39655 [preauth]
May 12 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7688]: Connection reset by 111.43.41.40 port 39734 [preauth]
May 12 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: Connection reset by 111.43.41.40 port 39799 [preauth]
May 12 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7714]: pam_unix(cron:session): session closed for user p13x
May 12 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7788]: Successful su for rubyman by root
May 12 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7788]: + ??? root:rubyman
May 12 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377442 of user rubyman.
May 12 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7788]: pam_unix(su:session): session closed for user rubyman
May 12 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377442.
May 12 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3446]: pam_unix(cron:session): session closed for user root
May 12 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7715]: pam_unix(cron:session): session closed for user samftp
May 12 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session closed for user root
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8145]: pam_unix(cron:session): session closed for user p13x
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: Successful su for rubyman by root
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: + ??? root:rubyman
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377445 of user rubyman.
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: pam_unix(su:session): session closed for user rubyman
May 12 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377445.
May 12 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3884]: pam_unix(cron:session): session closed for user root
May 12 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8146]: pam_unix(cron:session): session closed for user samftp
May 12 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user root
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8568]: pam_unix(cron:session): session closed for user p13x
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8634]: Successful su for rubyman by root
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8634]: + ??? root:rubyman
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377449 of user rubyman.
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8634]: pam_unix(su:session): session closed for user rubyman
May 12 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377449.
May 12 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session closed for user root
May 12 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session closed for user samftp
May 12 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session closed for user root
May 12 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: Failed password for root from 218.92.0.203 port 11558 ssh2
May 12 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session closed for user root
May 12 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user p13x
May 12 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9062]: Successful su for rubyman by root
May 12 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9062]: + ??? root:rubyman
May 12 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377453 of user rubyman.
May 12 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9062]: pam_unix(su:session): session closed for user rubyman
May 12 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377453.
May 12 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8991]: pam_unix(cron:session): session closed for user root
May 12 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4953]: pam_unix(cron:session): session closed for user root
May 12 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user samftp
May 12 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Bad protocol version identification 'GET / HTTP/1.1' from 184.105.247.194 port 21244
May 12 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8148]: pam_unix(cron:session): session closed for user root
May 12 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9540]: pam_unix(cron:session): session closed for user p13x
May 12 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: Successful su for rubyman by root
May 12 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: + ??? root:rubyman
May 12 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377459 of user rubyman.
May 12 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: pam_unix(su:session): session closed for user rubyman
May 12 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377459.
May 12 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session closed for user root
May 12 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session closed for user samftp
May 12 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session closed for user root
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9952]: pam_unix(cron:session): session closed for user p13x
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: Successful su for rubyman by root
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: + ??? root:rubyman
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377465 of user rubyman.
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: pam_unix(su:session): session closed for user rubyman
May 12 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377465.
May 12 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session closed for user root
May 12 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session closed for user samftp
May 12 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session closed for user root
May 12 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: Failed password for root from 218.92.0.179 port 54893 ssh2
May 12 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54893 ssh2]
May 12 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: Received disconnect from 218.92.0.179 port 54893:11:  [preauth]
May 12 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: Disconnected from 218.92.0.179 port 54893 [preauth]
May 12 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user p13x
May 12 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: Successful su for rubyman by root
May 12 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: + ??? root:rubyman
May 12 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377468 of user rubyman.
May 12 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: pam_unix(su:session): session closed for user rubyman
May 12 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377468.
May 12 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session closed for user root
May 12 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10454]: pam_unix(cron:session): session closed for user samftp
May 12 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Invalid user dev from 110.49.76.244
May 12 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: input_userauth_request: invalid user dev [preauth]
May 12 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for invalid user dev from 110.49.76.244 port 56266 ssh2
May 12 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Received disconnect from 110.49.76.244 port 56266:11: Bye Bye [preauth]
May 12 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Disconnected from 110.49.76.244 port 56266 [preauth]
May 12 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session closed for user root
May 12 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session closed for user p13x
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: Successful su for rubyman by root
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: + ??? root:rubyman
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377471 of user rubyman.
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: pam_unix(su:session): session closed for user rubyman
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377471.
May 12 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session closed for user root
May 12 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8147]: pam_unix(cron:session): session closed for user root
May 12 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10921]: pam_unix(cron:session): session closed for user samftp
May 12 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session closed for user root
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11397]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session closed for user root
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session closed for user p13x
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: Successful su for rubyman by root
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: + ??? root:rubyman
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377481 of user rubyman.
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: pam_unix(su:session): session closed for user rubyman
May 12 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377481.
May 12 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11397]: pam_unix(cron:session): session closed for user root
May 12 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session closed for user root
May 12 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11396]: pam_unix(cron:session): session closed for user samftp
May 12 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Invalid user admin from 80.94.95.125
May 12 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: input_userauth_request: invalid user admin [preauth]
May 12 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Failed password for invalid user admin from 80.94.95.125 port 54922 ssh2
May 12 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Received disconnect from 80.94.95.125 port 54922:11: Bye [preauth]
May 12 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Disconnected from 80.94.95.125 port 54922 [preauth]
May 12 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session closed for user root
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11841]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session closed for user p13x
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: Successful su for rubyman by root
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: + ??? root:rubyman
May 12 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377484 of user rubyman.
May 12 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: pam_unix(su:session): session closed for user rubyman
May 12 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377484.
May 12 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session closed for user root
May 12 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11840]: pam_unix(cron:session): session closed for user samftp
May 12 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session closed for user root
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12233]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session closed for user p13x
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12297]: Successful su for rubyman by root
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12297]: + ??? root:rubyman
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377488 of user rubyman.
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12297]: pam_unix(su:session): session closed for user rubyman
May 12 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377488.
May 12 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session closed for user root
May 12 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session closed for user samftp
May 12 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session closed for user root
May 12 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user p13x
May 12 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: Successful su for rubyman by root
May 12 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: + ??? root:rubyman
May 12 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377490 of user rubyman.
May 12 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: pam_unix(su:session): session closed for user rubyman
May 12 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377490.
May 12 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session closed for user root
May 12 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user samftp
May 12 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session closed for user root
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user p13x
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: Successful su for rubyman by root
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: + ??? root:rubyman
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377495 of user rubyman.
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: pam_unix(su:session): session closed for user rubyman
May 12 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377495.
May 12 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session closed for user root
May 12 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user samftp
May 12 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12233]: pam_unix(cron:session): session closed for user root
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13425]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session closed for user root
May 12 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13423]: pam_unix(cron:session): session closed for user p13x
May 12 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: Successful su for rubyman by root
May 12 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: + ??? root:rubyman
May 12 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377502 of user rubyman.
May 12 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: pam_unix(su:session): session closed for user rubyman
May 12 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377502.
May 12 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13425]: pam_unix(cron:session): session closed for user root
May 12 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session closed for user root
May 12 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13424]: pam_unix(cron:session): session closed for user samftp
May 12 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244  user=root
May 12 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Failed password for root from 110.49.76.244 port 35114 ssh2
May 12 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Received disconnect from 110.49.76.244 port 35114:11: Bye Bye [preauth]
May 12 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Disconnected from 110.49.76.244 port 35114 [preauth]
May 12 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session closed for user root
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user p13x
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14033]: Successful su for rubyman by root
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14033]: + ??? root:rubyman
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377506 of user rubyman.
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14033]: pam_unix(su:session): session closed for user rubyman
May 12 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377506.
May 12 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session closed for user root
May 12 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user samftp
May 12 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session closed for user root
May 12 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Failed password for root from 45.6.188.43 port 56712 ssh2
May 12 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Connection closed by 45.6.188.43 port 56712 [preauth]
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14375]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14374]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14369]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14369]: pam_unix(cron:session): session closed for user root
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14372]: pam_unix(cron:session): session closed for user p13x
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14435]: Successful su for rubyman by root
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14435]: + ??? root:rubyman
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377508 of user rubyman.
May 12 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14435]: pam_unix(su:session): session closed for user rubyman
May 12 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377508.
May 12 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11841]: pam_unix(cron:session): session closed for user root
May 12 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14373]: pam_unix(cron:session): session closed for user samftp
May 12 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Failed password for root from 218.92.0.179 port 23541 ssh2
May 12 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23541 ssh2]
May 12 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Received disconnect from 218.92.0.179 port 23541:11:  [preauth]
May 12 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Disconnected from 218.92.0.179 port 23541 [preauth]
May 12 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session closed for user root
May 12 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Invalid user admin from 80.94.95.112
May 12 07:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: input_userauth_request: invalid user admin [preauth]
May 12 07:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 07:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for invalid user admin from 80.94.95.112 port 44531 ssh2
May 12 07:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for invalid user admin from 80.94.95.112 port 44531 ssh2
May 12 07:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for invalid user admin from 80.94.95.112 port 44531 ssh2
May 12 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14787]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session closed for user p13x
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14845]: Successful su for rubyman by root
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14845]: + ??? root:rubyman
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377513 of user rubyman.
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14845]: pam_unix(su:session): session closed for user rubyman
May 12 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377513.
May 12 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for invalid user admin from 80.94.95.112 port 44531 ssh2
May 12 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for invalid user admin from 80.94.95.112 port 44531 ssh2
May 12 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session closed for user root
May 12 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Received disconnect from 80.94.95.112 port 44531:11: Bye [preauth]
May 12 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Disconnected from 80.94.95.112 port 44531 [preauth]
May 12 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14786]: pam_unix(cron:session): session closed for user samftp
May 12 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session closed for user root
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user p13x
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: Successful su for rubyman by root
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: + ??? root:rubyman
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377517 of user rubyman.
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: pam_unix(su:session): session closed for user rubyman
May 12 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377517.
May 12 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session closed for user root
May 12 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user samftp
May 12 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14375]: pam_unix(cron:session): session closed for user root
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session closed for user root
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user p13x
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: Successful su for rubyman by root
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: + ??? root:rubyman
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377522 of user rubyman.
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: pam_unix(su:session): session closed for user rubyman
May 12 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377522.
May 12 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user root
May 12 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session closed for user root
May 12 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user samftp
May 12 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session closed for user root
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session closed for user p13x
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: Successful su for rubyman by root
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: + ??? root:rubyman
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377528 of user rubyman.
May 12 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: pam_unix(su:session): session closed for user rubyman
May 12 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377528.
May 12 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13426]: pam_unix(cron:session): session closed for user root
May 12 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session closed for user samftp
May 12 07:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for root from 218.92.0.179 port 47009 ssh2
May 12 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user root
May 12 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for root from 218.92.0.179 port 47009 ssh2
May 12 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for root from 218.92.0.179 port 47009 ssh2
May 12 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Received disconnect from 218.92.0.179 port 47009:11:  [preauth]
May 12 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Disconnected from 218.92.0.179 port 47009 [preauth]
May 12 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16396]: pam_unix(cron:session): session closed for user p13x
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: Successful su for rubyman by root
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: + ??? root:rubyman
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377532 of user rubyman.
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: pam_unix(su:session): session closed for user rubyman
May 12 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377532.
May 12 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user root
May 12 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16397]: pam_unix(cron:session): session closed for user samftp
May 12 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Invalid user ppr from 110.49.76.244
May 12 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: input_userauth_request: invalid user ppr [preauth]
May 12 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Failed password for invalid user ppr from 110.49.76.244 port 42194 ssh2
May 12 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Received disconnect from 110.49.76.244 port 42194:11: Bye Bye [preauth]
May 12 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Disconnected from 110.49.76.244 port 42194 [preauth]
May 12 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user root
May 12 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16862]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16863]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session closed for user p13x
May 12 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: Successful su for rubyman by root
May 12 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: + ??? root:rubyman
May 12 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377537 of user rubyman.
May 12 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: pam_unix(su:session): session closed for user rubyman
May 12 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377537.
May 12 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14374]: pam_unix(cron:session): session closed for user root
May 12 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16861]: pam_unix(cron:session): session closed for user samftp
May 12 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session closed for user root
May 12 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session closed for user p13x
May 12 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17352]: Successful su for rubyman by root
May 12 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17352]: + ??? root:rubyman
May 12 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377539 of user rubyman.
May 12 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17352]: pam_unix(su:session): session closed for user rubyman
May 12 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377539.
May 12 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14787]: pam_unix(cron:session): session closed for user root
May 12 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user samftp
May 12 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session closed for user root
May 12 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Invalid user frappe from 80.94.95.125
May 12 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: input_userauth_request: invalid user frappe [preauth]
May 12 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Failed password for invalid user frappe from 80.94.95.125 port 27560 ssh2
May 12 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Received disconnect from 80.94.95.125 port 27560:11: Bye [preauth]
May 12 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Disconnected from 80.94.95.125 port 27560 [preauth]
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17711]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17712]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17712]: pam_unix(cron:session): session closed for user root
May 12 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session closed for user p13x
May 12 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17795]: Successful su for rubyman by root
May 12 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17795]: + ??? root:rubyman
May 12 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377544 of user rubyman.
May 12 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17795]: pam_unix(su:session): session closed for user rubyman
May 12 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377544.
May 12 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session closed for user root
May 12 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session closed for user root
May 12 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session closed for user samftp
May 12 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16863]: pam_unix(cron:session): session closed for user root
May 12 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session closed for user p13x
May 12 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18325]: Successful su for rubyman by root
May 12 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18325]: + ??? root:rubyman
May 12 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377550 of user rubyman.
May 12 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18325]: pam_unix(su:session): session closed for user rubyman
May 12 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377550.
May 12 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session closed for user root
May 12 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user samftp
May 12 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user root
May 12 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18673]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session closed for user p13x
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18739]: Successful su for rubyman by root
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18739]: + ??? root:rubyman
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377556 of user rubyman.
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18739]: pam_unix(su:session): session closed for user rubyman
May 12 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377556.
May 12 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session closed for user root
May 12 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18672]: pam_unix(cron:session): session closed for user samftp
May 12 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17711]: pam_unix(cron:session): session closed for user root
May 12 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19090]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session closed for user p13x
May 12 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19147]: Successful su for rubyman by root
May 12 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19147]: + ??? root:rubyman
May 12 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377559 of user rubyman.
May 12 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19147]: pam_unix(su:session): session closed for user rubyman
May 12 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377559.
May 12 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session closed for user root
May 12 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session closed for user samftp
May 12 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session closed for user root
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19489]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19488]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session closed for user p13x
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19549]: Successful su for rubyman by root
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19549]: + ??? root:rubyman
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377561 of user rubyman.
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19549]: pam_unix(su:session): session closed for user rubyman
May 12 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377561.
May 12 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16862]: pam_unix(cron:session): session closed for user root
May 12 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session closed for user samftp
May 12 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session closed for user root
May 12 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Invalid user jenkins from 110.49.76.244
May 12 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: input_userauth_request: invalid user jenkins [preauth]
May 12 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.76.244
May 12 07:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Failed password for invalid user jenkins from 110.49.76.244 port 49272 ssh2
May 12 07:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Received disconnect from 110.49.76.244 port 49272:11: Bye Bye [preauth]
May 12 07:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Disconnected from 110.49.76.244 port 49272 [preauth]
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session closed for user root
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session closed for user p13x
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19977]: Successful su for rubyman by root
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19977]: + ??? root:rubyman
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377567 of user rubyman.
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19977]: pam_unix(su:session): session closed for user rubyman
May 12 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377567.
May 12 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19904]: pam_unix(cron:session): session closed for user root
May 12 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user root
May 12 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session closed for user samftp
May 12 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 07:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Failed password for root from 50.235.31.47 port 33666 ssh2
May 12 07:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Connection closed by 50.235.31.47 port 33666 [preauth]
May 12 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19090]: pam_unix(cron:session): session closed for user root
May 12 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Invalid user marcus from 87.106.108.106
May 12 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: input_userauth_request: invalid user marcus [preauth]
May 12 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106
May 12 07:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Failed password for invalid user marcus from 87.106.108.106 port 33204 ssh2
May 12 07:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Received disconnect from 87.106.108.106 port 33204:11: Bye Bye [preauth]
May 12 07:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Disconnected from 87.106.108.106 port 33204 [preauth]
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session closed for user p13x
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: Successful su for rubyman by root
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: + ??? root:rubyman
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377571 of user rubyman.
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session closed for user rubyman
May 12 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377571.
May 12 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session closed for user root
May 12 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20341]: pam_unix(cron:session): session closed for user samftp
May 12 07:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Failed password for root from 34.123.134.194 port 52324 ssh2
May 12 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Received disconnect from 34.123.134.194 port 52324:11: Bye Bye [preauth]
May 12 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Disconnected from 34.123.134.194 port 52324 [preauth]
May 12 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19489]: pam_unix(cron:session): session closed for user root
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session closed for user p13x
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: Successful su for rubyman by root
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: + ??? root:rubyman
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377575 of user rubyman.
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: pam_unix(su:session): session closed for user rubyman
May 12 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377575.
May 12 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user root
May 12 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20759]: pam_unix(cron:session): session closed for user samftp
May 12 07:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user root
May 12 07:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: Connection closed by 162.142.125.43 port 59742 [preauth]
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session closed for user p13x
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: Successful su for rubyman by root
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: + ??? root:rubyman
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377581 of user rubyman.
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: pam_unix(su:session): session closed for user rubyman
May 12 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377581.
May 12 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18673]: pam_unix(cron:session): session closed for user root
May 12 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session closed for user samftp
May 12 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user root
May 12 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user p13x
May 12 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: Successful su for rubyman by root
May 12 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: + ??? root:rubyman
May 12 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377585 of user rubyman.
May 12 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: pam_unix(su:session): session closed for user rubyman
May 12 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377585.
May 12 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session closed for user root
May 12 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user samftp
May 12 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20761]: pam_unix(cron:session): session closed for user root
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user root
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22386]: pam_unix(cron:session): session closed for user p13x
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: Successful su for rubyman by root
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: + ??? root:rubyman
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377590 of user rubyman.
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: pam_unix(su:session): session closed for user rubyman
May 12 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377590.
May 12 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19488]: pam_unix(cron:session): session closed for user root
May 12 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session closed for user root
May 12 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22387]: pam_unix(cron:session): session closed for user samftp
May 12 07:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session closed for user root
May 12 07:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May 12 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22795]: Failed password for root from 124.198.59.254 port 47886 ssh2
May 12 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22795]: Connection closed by 124.198.59.254 port 47886 [preauth]
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22895]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user p13x
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22994]: Successful su for rubyman by root
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22994]: + ??? root:rubyman
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377594 of user rubyman.
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22994]: pam_unix(su:session): session closed for user rubyman
May 12 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377594.
May 12 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session closed for user root
May 12 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user samftp
May 12 07:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session closed for user root
May 12 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Failed password for root from 218.92.0.201 port 17704 ssh2
May 12 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 17704 ssh2]
May 12 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 17704 ssh2 [preauth]
May 12 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Disconnecting: Too many authentication failures [preauth]
May 12 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Failed password for root from 218.92.0.201 port 5620 ssh2
May 12 07:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Failed password for root from 218.92.0.201 port 5620 ssh2
May 12 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Failed password for root from 218.92.0.201 port 5620 ssh2
May 12 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Invalid user ubuntu from 87.106.108.106
May 12 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: input_userauth_request: invalid user ubuntu [preauth]
May 12 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106
May 12 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Failed password for invalid user ubuntu from 87.106.108.106 port 47506 ssh2
May 12 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Received disconnect from 87.106.108.106 port 47506:11: Bye Bye [preauth]
May 12 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Disconnected from 87.106.108.106 port 47506 [preauth]
May 12 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Failed password for root from 218.92.0.201 port 5620 ssh2
May 12 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user p13x
May 12 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: Successful su for rubyman by root
May 12 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: + ??? root:rubyman
May 12 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377598 of user rubyman.
May 12 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: pam_unix(su:session): session closed for user rubyman
May 12 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377598.
May 12 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session closed for user root
May 12 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Failed password for root from 218.92.0.201 port 5620 ssh2
May 12 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user samftp
May 12 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Failed password for root from 218.92.0.201 port 5620 ssh2
May 12 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 5620 ssh2 [preauth]
May 12 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: Disconnecting: Too many authentication failures [preauth]
May 12 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23408]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 07:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Failed password for root from 218.92.0.201 port 17450 ssh2
May 12 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Received disconnect from 218.92.0.201 port 17450:11:  [preauth]
May 12 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Disconnected from 218.92.0.201 port 17450 [preauth]
May 12 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
May 12 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Failed password for root from 218.92.0.179 port 57095 ssh2
May 12 07:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57095 ssh2]
May 12 07:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Received disconnect from 218.92.0.179 port 57095:11:  [preauth]
May 12 07:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Disconnected from 218.92.0.179 port 57095 [preauth]
May 12 07:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session closed for user p13x
May 12 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: Successful su for rubyman by root
May 12 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: + ??? root:rubyman
May 12 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377602 of user rubyman.
May 12 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: pam_unix(su:session): session closed for user rubyman
May 12 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377602.
May 12 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session closed for user root
May 12 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session closed for user samftp
May 12 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user root
May 12 07:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 07:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for root from 80.94.95.125 port 14121 ssh2
May 12 07:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Received disconnect from 80.94.95.125 port 14121:11: Bye [preauth]
May 12 07:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Disconnected from 80.94.95.125 port 14121 [preauth]
May 12 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24410]: pam_unix(cron:session): session closed for user p13x
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24540]: Successful su for rubyman by root
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24540]: + ??? root:rubyman
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377606 of user rubyman.
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24540]: pam_unix(su:session): session closed for user rubyman
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377606.
May 12 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session closed for user root
May 12 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21191]: pam_unix(cron:session): session closed for user root
May 12 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session closed for user samftp
May 12 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user root
May 12 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106  user=root
May 12 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Failed password for root from 87.106.108.106 port 55552 ssh2
May 12 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Received disconnect from 87.106.108.106 port 55552:11: Bye Bye [preauth]
May 12 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Disconnected from 87.106.108.106 port 55552 [preauth]
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24934]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session closed for user root
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24931]: pam_unix(cron:session): session closed for user p13x
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25009]: Successful su for rubyman by root
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25009]: + ??? root:rubyman
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377614 of user rubyman.
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25009]: pam_unix(su:session): session closed for user rubyman
May 12 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377614.
May 12 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user root
May 12 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24934]: pam_unix(cron:session): session closed for user root
May 12 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session closed for user samftp
May 12 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user root
May 12 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session closed for user p13x
May 12 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25454]: Successful su for rubyman by root
May 12 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25454]: + ??? root:rubyman
May 12 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377617 of user rubyman.
May 12 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25454]: pam_unix(su:session): session closed for user rubyman
May 12 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377617.
May 12 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user root
May 12 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25387]: pam_unix(cron:session): session closed for user samftp
May 12 07:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Failed password for root from 34.123.134.194 port 50430 ssh2
May 12 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Received disconnect from 34.123.134.194 port 50430:11: Bye Bye [preauth]
May 12 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Disconnected from 34.123.134.194 port 50430 [preauth]
May 12 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session closed for user root
May 12 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: Failed password for root from 164.68.105.9 port 60714 ssh2
May 12 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: Connection closed by 164.68.105.9 port 60714 [preauth]
May 12 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session closed for user p13x
May 12 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: Successful su for rubyman by root
May 12 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: + ??? root:rubyman
May 12 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377620 of user rubyman.
May 12 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: pam_unix(su:session): session closed for user rubyman
May 12 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377620.
May 12 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22895]: pam_unix(cron:session): session closed for user root
May 12 07:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session closed for user samftp
May 12 07:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106  user=root
May 12 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Failed password for root from 87.106.108.106 port 39612 ssh2
May 12 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Received disconnect from 87.106.108.106 port 39612:11: Bye Bye [preauth]
May 12 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Disconnected from 87.106.108.106 port 39612 [preauth]
May 12 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session closed for user root
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user p13x
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26359]: Successful su for rubyman by root
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26359]: + ??? root:rubyman
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377624 of user rubyman.
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26359]: pam_unix(su:session): session closed for user rubyman
May 12 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377624.
May 12 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
May 12 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user samftp
May 12 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session closed for user root
May 12 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session closed for user p13x
May 12 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: Successful su for rubyman by root
May 12 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: + ??? root:rubyman
May 12 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377628 of user rubyman.
May 12 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: pam_unix(su:session): session closed for user rubyman
May 12 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377628.
May 12 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.161.65.209  user=root
May 12 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session closed for user root
May 12 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Failed password for root from 111.161.65.209 port 48202 ssh2
May 12 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Connection closed by 111.161.65.209 port 48202 [preauth]
May 12 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session closed for user samftp
May 12 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session closed for user root
May 12 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Invalid user test from 87.106.108.106
May 12 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: input_userauth_request: invalid user test [preauth]
May 12 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106
May 12 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Failed password for invalid user test from 87.106.108.106 port 50118 ssh2
May 12 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Received disconnect from 87.106.108.106 port 50118:11: Bye Bye [preauth]
May 12 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Disconnected from 87.106.108.106 port 50118 [preauth]
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session closed for user root
May 12 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27332]: pam_unix(cron:session): session closed for user p13x
May 12 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: Successful su for rubyman by root
May 12 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: + ??? root:rubyman
May 12 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377637 of user rubyman.
May 12 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: pam_unix(su:session): session closed for user rubyman
May 12 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377637.
May 12 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session closed for user root
May 12 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session closed for user root
May 12 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session closed for user samftp
May 12 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Invalid user peiyuhui from 186.233.208.13
May 12 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: input_userauth_request: invalid user peiyuhui [preauth]
May 12 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 07:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Failed password for invalid user peiyuhui from 186.233.208.13 port 33350 ssh2
May 12 07:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Received disconnect from 186.233.208.13 port 33350:11: Bye Bye [preauth]
May 12 07:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Disconnected from 186.233.208.13 port 33350 [preauth]
May 12 07:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session closed for user root
May 12 07:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27880]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27877]: pam_unix(cron:session): session closed for user p13x
May 12 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27951]: Successful su for rubyman by root
May 12 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27951]: + ??? root:rubyman
May 12 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377640 of user rubyman.
May 12 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27951]: pam_unix(su:session): session closed for user rubyman
May 12 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377640.
May 12 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session closed for user root
May 12 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session closed for user samftp
May 12 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: Invalid user nc from 50.235.31.47
May 12 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: input_userauth_request: invalid user nc [preauth]
May 12 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: Failed password for invalid user nc from 50.235.31.47 port 41380 ssh2
May 12 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28195]: Connection closed by 50.235.31.47 port 41380 [preauth]
May 12 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session closed for user root
May 12 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Failed password for root from 34.123.134.194 port 57674 ssh2
May 12 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Received disconnect from 34.123.134.194 port 57674:11: Bye Bye [preauth]
May 12 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Disconnected from 34.123.134.194 port 57674 [preauth]
May 12 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28311]: pam_unix(cron:session): session closed for user p13x
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28381]: Successful su for rubyman by root
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28381]: + ??? root:rubyman
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377643 of user rubyman.
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28381]: pam_unix(su:session): session closed for user rubyman
May 12 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377643.
May 12 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25388]: pam_unix(cron:session): session closed for user root
May 12 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28312]: pam_unix(cron:session): session closed for user samftp
May 12 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27336]: pam_unix(cron:session): session closed for user root
May 12 07:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Did not receive identification string from 111.161.65.209
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user p13x
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: Successful su for rubyman by root
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: + ??? root:rubyman
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377646 of user rubyman.
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: pam_unix(su:session): session closed for user rubyman
May 12 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377646.
May 12 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session closed for user root
May 12 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session closed for user samftp
May 12 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: Connection closed by 111.161.65.209 port 39540 [preauth]
May 12 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Connection closed by 111.161.65.209 port 39530 [preauth]
May 12 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27880]: pam_unix(cron:session): session closed for user root
May 12 07:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: Connection closed by 111.161.65.209 port 38004 [preauth]
May 12 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session closed for user p13x
May 12 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: Successful su for rubyman by root
May 12 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: + ??? root:rubyman
May 12 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377650 of user rubyman.
May 12 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: pam_unix(su:session): session closed for user rubyman
May 12 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377650.
May 12 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session closed for user root
May 12 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29230]: pam_unix(cron:session): session closed for user samftp
May 12 07:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Failed password for root from 218.92.0.179 port 23581 ssh2
May 12 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23581 ssh2]
May 12 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Received disconnect from 218.92.0.179 port 23581:11:  [preauth]
May 12 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Disconnected from 218.92.0.179 port 23581 [preauth]
May 12 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session closed for user root
May 12 07:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Invalid user wiebe from 87.106.108.106
May 12 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: input_userauth_request: invalid user wiebe [preauth]
May 12 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106
May 12 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Failed password for invalid user wiebe from 87.106.108.106 port 55428 ssh2
May 12 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Received disconnect from 87.106.108.106 port 55428:11: Bye Bye [preauth]
May 12 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Disconnected from 87.106.108.106 port 55428 [preauth]
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session closed for user root
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29652]: pam_unix(cron:session): session closed for user p13x
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29724]: Successful su for rubyman by root
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29724]: + ??? root:rubyman
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377654 of user rubyman.
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29724]: pam_unix(su:session): session closed for user rubyman
May 12 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377654.
May 12 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session closed for user root
May 12 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session closed for user root
May 12 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session closed for user samftp
May 12 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28728]: pam_unix(cron:session): session closed for user root
May 12 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30093]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30094]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30090]: pam_unix(cron:session): session closed for user p13x
May 12 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30159]: Successful su for rubyman by root
May 12 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30159]: + ??? root:rubyman
May 12 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377661 of user rubyman.
May 12 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30159]: pam_unix(su:session): session closed for user rubyman
May 12 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377661.
May 12 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session closed for user root
May 12 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30092]: pam_unix(cron:session): session closed for user samftp
May 12 07:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29232]: pam_unix(cron:session): session closed for user root
May 12 07:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Failed password for root from 34.123.134.194 port 36680 ssh2
May 12 07:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Received disconnect from 34.123.134.194 port 36680:11: Bye Bye [preauth]
May 12 07:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Disconnected from 34.123.134.194 port 36680 [preauth]
May 12 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30494]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30493]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30491]: pam_unix(cron:session): session closed for user p13x
May 12 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30552]: Successful su for rubyman by root
May 12 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30552]: + ??? root:rubyman
May 12 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377664 of user rubyman.
May 12 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30552]: pam_unix(su:session): session closed for user rubyman
May 12 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377664.
May 12 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session closed for user root
May 12 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Invalid user admin from 80.94.95.112
May 12 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: input_userauth_request: invalid user admin [preauth]
May 12 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session closed for user samftp
May 12 07:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user admin from 80.94.95.112 port 59034 ssh2
May 12 07:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user admin from 80.94.95.112 port 59034 ssh2
May 12 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user admin from 80.94.95.112 port 59034 ssh2
May 12 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user admin from 80.94.95.112 port 59034 ssh2
May 12 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user admin from 80.94.95.112 port 59034 ssh2
May 12 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Received disconnect from 80.94.95.112 port 59034:11: Bye [preauth]
May 12 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Disconnected from 80.94.95.112 port 59034 [preauth]
May 12 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 07:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Invalid user postgres from 87.106.108.106
May 12 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: input_userauth_request: invalid user postgres [preauth]
May 12 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106
May 12 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Failed password for root from 218.92.0.215 port 30514 ssh2
May 12 07:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Failed password for invalid user postgres from 87.106.108.106 port 60154 ssh2
May 12 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Received disconnect from 87.106.108.106 port 60154:11: Bye Bye [preauth]
May 12 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Disconnected from 87.106.108.106 port 60154 [preauth]
May 12 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session closed for user root
May 12 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30890]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30888]: pam_unix(cron:session): session closed for user p13x
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: Successful su for rubyman by root
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: + ??? root:rubyman
May 12 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377669 of user rubyman.
May 12 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: pam_unix(su:session): session closed for user rubyman
May 12 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377669.
May 12 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session closed for user root
May 12 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30889]: pam_unix(cron:session): session closed for user samftp
May 12 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 07:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Failed password for root from 80.94.95.125 port 30847 ssh2
May 12 07:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Received disconnect from 80.94.95.125 port 30847:11: Bye [preauth]
May 12 07:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Disconnected from 80.94.95.125 port 30847 [preauth]
May 12 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30094]: pam_unix(cron:session): session closed for user root
May 12 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31397]: pam_unix(cron:session): session closed for user p13x
May 12 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31459]: Successful su for rubyman by root
May 12 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31459]: + ??? root:rubyman
May 12 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377673 of user rubyman.
May 12 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31459]: pam_unix(su:session): session closed for user rubyman
May 12 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377673.
May 12 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session closed for user root
May 12 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31398]: pam_unix(cron:session): session closed for user samftp
May 12 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30494]: pam_unix(cron:session): session closed for user root
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31828]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session closed for user root
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31826]: pam_unix(cron:session): session closed for user p13x
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31910]: Successful su for rubyman by root
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31910]: + ??? root:rubyman
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377679 of user rubyman.
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31910]: pam_unix(su:session): session closed for user rubyman
May 12 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377679.
May 12 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31828]: pam_unix(cron:session): session closed for user root
May 12 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29231]: pam_unix(cron:session): session closed for user root
May 12 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31827]: pam_unix(cron:session): session closed for user samftp
May 12 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Invalid user quantum from 186.233.208.13
May 12 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: input_userauth_request: invalid user quantum [preauth]
May 12 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Failed password for invalid user quantum from 186.233.208.13 port 45458 ssh2
May 12 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Received disconnect from 186.233.208.13 port 45458:11: Bye Bye [preauth]
May 12 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Disconnected from 186.233.208.13 port 45458 [preauth]
May 12 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session closed for user root
May 12 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32580]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session closed for user p13x
May 12 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32745]: Successful su for rubyman by root
May 12 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32745]: + ??? root:rubyman
May 12 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377682 of user rubyman.
May 12 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32745]: pam_unix(su:session): session closed for user rubyman
May 12 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377682.
May 12 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session closed for user root
May 12 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session closed for user samftp
May 12 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session closed for user root
May 12 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Failed password for root from 34.123.134.194 port 43922 ssh2
May 12 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Received disconnect from 34.123.134.194 port 43922:11: Bye Bye [preauth]
May 12 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Disconnected from 34.123.134.194 port 43922 [preauth]
May 12 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session closed for user p13x
May 12 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[789]: Successful su for rubyman by root
May 12 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[789]: + ??? root:rubyman
May 12 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377686 of user rubyman.
May 12 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[789]: pam_unix(su:session): session closed for user rubyman
May 12 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377686.
May 12 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30093]: pam_unix(cron:session): session closed for user root
May 12 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session closed for user samftp
May 12 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31830]: pam_unix(cron:session): session closed for user root
May 12 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106  user=root
May 12 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for root from 218.92.0.179 port 29364 ssh2
May 12 07:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Failed password for root from 87.106.108.106 port 38634 ssh2
May 12 07:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Received disconnect from 87.106.108.106 port 38634:11: Bye Bye [preauth]
May 12 07:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Disconnected from 87.106.108.106 port 38634 [preauth]
May 12 07:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for root from 218.92.0.179 port 29364 ssh2
May 12 07:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for root from 218.92.0.179 port 29364 ssh2
May 12 07:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Received disconnect from 218.92.0.179 port 29364:11:  [preauth]
May 12 07:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Disconnected from 218.92.0.179 port 29364 [preauth]
May 12 07:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1199]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session closed for user p13x
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1284]: Successful su for rubyman by root
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1284]: + ??? root:rubyman
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377690 of user rubyman.
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1284]: pam_unix(su:session): session closed for user rubyman
May 12 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377690.
May 12 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30493]: pam_unix(cron:session): session closed for user root
May 12 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user samftp
May 12 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: Invalid user zhanghaomima from 190.103.202.7
May 12 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: input_userauth_request: invalid user zhanghaomima [preauth]
May 12 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: pam_unix(sshd:auth): check pass; user unknown
May 12 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: Failed password for invalid user zhanghaomima from 190.103.202.7 port 36596 ssh2
May 12 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1535]: Connection closed by 190.103.202.7 port 36596 [preauth]
May 12 07:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session closed for user root
May 12 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 07:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1694]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session closed for user p13x
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: Successful su for rubyman by root
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: + ??? root:rubyman
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377695 of user rubyman.
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: pam_unix(su:session): session closed for user rubyman
May 12 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377695.
May 12 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for root from 80.94.95.15 port 62895 ssh2
May 12 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for root from 80.94.95.15 port 62895 ssh2
May 12 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30890]: pam_unix(cron:session): session closed for user root
May 12 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session closed for user samftp
May 12 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for root from 80.94.95.15 port 62895 ssh2
May 12 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: message repeated 2 times: [ Failed password for root from 80.94.95.15 port 62895 ssh2]
May 12 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Received disconnect from 80.94.95.15 port 62895:11: Bye [preauth]
May 12 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Disconnected from 80.94.95.15 port 62895 [preauth]
May 12 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session closed for user root
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2210]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session closed for user root
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session closed for user root
May 12 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session closed for user p13x
May 12 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2300]: Successful su for rubyman by root
May 12 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2300]: + ??? root:rubyman
May 12 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377702 of user rubyman.
May 12 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2300]: pam_unix(su:session): session closed for user rubyman
May 12 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377702.
May 12 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session closed for user root
May 12 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session closed for user root
May 12 08:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session closed for user samftp
May 12 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session closed for user root
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2757]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2755]: pam_unix(cron:session): session closed for user p13x
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2824]: Successful su for rubyman by root
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2824]: + ??? root:rubyman
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377705 of user rubyman.
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2824]: pam_unix(su:session): session closed for user rubyman
May 12 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377705.
May 12 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31829]: pam_unix(cron:session): session closed for user root
May 12 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2756]: pam_unix(cron:session): session closed for user samftp
May 12 08:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Invalid user boy from 186.233.208.13
May 12 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: input_userauth_request: invalid user boy [preauth]
May 12 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Failed password for invalid user boy from 186.233.208.13 port 53754 ssh2
May 12 08:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Received disconnect from 186.233.208.13 port 53754:11: Bye Bye [preauth]
May 12 08:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Disconnected from 186.233.208.13 port 53754 [preauth]
May 12 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1694]: pam_unix(cron:session): session closed for user root
May 12 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 08:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: Failed password for root from 34.123.134.194 port 51168 ssh2
May 12 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: Received disconnect from 34.123.134.194 port 51168:11: Bye Bye [preauth]
May 12 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: Disconnected from 34.123.134.194 port 51168 [preauth]
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session closed for user p13x
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3247]: Successful su for rubyman by root
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3247]: + ??? root:rubyman
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377710 of user rubyman.
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3247]: pam_unix(su:session): session closed for user rubyman
May 12 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377710.
May 12 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32580]: pam_unix(cron:session): session closed for user root
May 12 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session closed for user samftp
May 12 08:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session closed for user root
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3642]: pam_unix(cron:session): session closed for user p13x
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3701]: Successful su for rubyman by root
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3701]: + ??? root:rubyman
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377713 of user rubyman.
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3701]: pam_unix(su:session): session closed for user rubyman
May 12 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377713.
May 12 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session closed for user root
May 12 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session closed for user samftp
May 12 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2758]: pam_unix(cron:session): session closed for user root
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session closed for user p13x
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4128]: Successful su for rubyman by root
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4128]: + ??? root:rubyman
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377718 of user rubyman.
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4128]: pam_unix(su:session): session closed for user rubyman
May 12 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377718.
May 12 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1199]: pam_unix(cron:session): session closed for user root
May 12 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session closed for user samftp
May 12 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3184]: pam_unix(cron:session): session closed for user root
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4635]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4635]: pam_unix(cron:session): session closed for user root
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session closed for user p13x
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: Successful su for rubyman by root
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: + ??? root:rubyman
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377722 of user rubyman.
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session closed for user rubyman
May 12 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377722.
May 12 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session closed for user root
May 12 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session closed for user root
May 12 08:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4631]: pam_unix(cron:session): session closed for user samftp
May 12 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session closed for user root
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5278]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5277]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5274]: pam_unix(cron:session): session closed for user p13x
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: Successful su for rubyman by root
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: + ??? root:rubyman
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377728 of user rubyman.
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: pam_unix(su:session): session closed for user rubyman
May 12 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377728.
May 12 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2210]: pam_unix(cron:session): session closed for user root
May 12 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5276]: pam_unix(cron:session): session closed for user samftp
May 12 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session closed for user root
May 12 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Invalid user deploy from 34.123.134.194
May 12 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: input_userauth_request: invalid user deploy [preauth]
May 12 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Failed password for invalid user deploy from 34.123.134.194 port 58406 ssh2
May 12 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Received disconnect from 34.123.134.194 port 58406:11: Bye Bye [preauth]
May 12 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Disconnected from 34.123.134.194 port 58406 [preauth]
May 12 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May 12 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Failed password for root from 186.233.208.13 port 58908 ssh2
May 12 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Received disconnect from 186.233.208.13 port 58908:11: Bye Bye [preauth]
May 12 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Disconnected from 186.233.208.13 port 58908 [preauth]
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5752]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5750]: pam_unix(cron:session): session closed for user p13x
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: Successful su for rubyman by root
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: + ??? root:rubyman
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377732 of user rubyman.
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: pam_unix(su:session): session closed for user rubyman
May 12 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377732.
May 12 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2757]: pam_unix(cron:session): session closed for user root
May 12 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5751]: pam_unix(cron:session): session closed for user samftp
May 12 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4634]: pam_unix(cron:session): session closed for user root
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session closed for user p13x
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6324]: Successful su for rubyman by root
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6324]: + ??? root:rubyman
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377735 of user rubyman.
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6324]: pam_unix(su:session): session closed for user rubyman
May 12 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377735.
May 12 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session closed for user root
May 12 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session closed for user samftp
May 12 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5278]: pam_unix(cron:session): session closed for user root
May 12 08:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May 12 08:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: Failed password for root from 218.92.0.211 port 44990 ssh2
May 12 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: message repeated 4 times: [ Failed password for root from 218.92.0.211 port 44990 ssh2]
May 12 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 44990 ssh2 [preauth]
May 12 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: Disconnecting: Too many authentication failures [preauth]
May 12 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May 12 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6666]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6660]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session closed for user p13x
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6789]: Successful su for rubyman by root
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6789]: + ??? root:rubyman
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377739 of user rubyman.
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6789]: pam_unix(su:session): session closed for user rubyman
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377739.
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6660]: pam_unix(cron:session): session closed for user root
May 12 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session closed for user root
May 12 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6664]: pam_unix(cron:session): session closed for user samftp
May 12 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session closed for user root
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7283]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7282]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7283]: pam_unix(cron:session): session closed for user root
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session closed for user p13x
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: Successful su for rubyman by root
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: + ??? root:rubyman
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377747 of user rubyman.
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: pam_unix(su:session): session closed for user rubyman
May 12 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377747.
May 12 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session closed for user root
May 12 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session closed for user root
May 12 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session closed for user samftp
May 12 08:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Failed password for root from 80.94.95.125 port 26316 ssh2
May 12 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Received disconnect from 80.94.95.125 port 26316:11: Bye [preauth]
May 12 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Disconnected from 80.94.95.125 port 26316 [preauth]
May 12 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session closed for user root
May 12 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session closed for user p13x
May 12 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7898]: Successful su for rubyman by root
May 12 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7898]: + ??? root:rubyman
May 12 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377752 of user rubyman.
May 12 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7898]: pam_unix(su:session): session closed for user rubyman
May 12 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377752.
May 12 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4633]: pam_unix(cron:session): session closed for user root
May 12 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session closed for user samftp
May 12 08:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6666]: pam_unix(cron:session): session closed for user root
May 12 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: Failed password for root from 34.123.134.194 port 37424 ssh2
May 12 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: Received disconnect from 34.123.134.194 port 37424:11: Bye Bye [preauth]
May 12 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: Disconnected from 34.123.134.194 port 37424 [preauth]
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session closed for user p13x
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Invalid user  from 65.49.1.147
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: input_userauth_request: invalid user  [preauth]
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8338]: Successful su for rubyman by root
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8338]: + ??? root:rubyman
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377754 of user rubyman.
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8338]: pam_unix(su:session): session closed for user rubyman
May 12 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377754.
May 12 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5277]: pam_unix(cron:session): session closed for user root
May 12 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Connection closed by 65.49.1.147 port 61047 [preauth]
May 12 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session closed for user samftp
May 12 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7282]: pam_unix(cron:session): session closed for user root
May 12 08:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May 12 08:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Failed password for root from 186.233.208.13 port 34424 ssh2
May 12 08:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Received disconnect from 186.233.208.13 port 34424:11: Bye Bye [preauth]
May 12 08:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Disconnected from 186.233.208.13 port 34424 [preauth]
May 12 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8697]: pam_unix(cron:session): session closed for user p13x
May 12 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8769]: Successful su for rubyman by root
May 12 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8769]: + ??? root:rubyman
May 12 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377760 of user rubyman.
May 12 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8769]: pam_unix(su:session): session closed for user rubyman
May 12 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377760.
May 12 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5752]: pam_unix(cron:session): session closed for user root
May 12 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8702]: pam_unix(cron:session): session closed for user samftp
May 12 08:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Failed password for root from 218.92.0.179 port 57829 ssh2
May 12 08:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Failed password for root from 218.92.0.179 port 57829 ssh2
May 12 08:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Invalid user deploy from 87.106.108.106
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: input_userauth_request: invalid user deploy [preauth]
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.108.106
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Invalid user admin from 45.6.188.43
May 12 08:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: input_userauth_request: invalid user admin [preauth]
May 12 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Failed password for root from 218.92.0.179 port 57829 ssh2
May 12 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Received disconnect from 218.92.0.179 port 57829:11:  [preauth]
May 12 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Disconnected from 218.92.0.179 port 57829 [preauth]
May 12 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Failed password for invalid user deploy from 87.106.108.106 port 43856 ssh2
May 12 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Received disconnect from 87.106.108.106 port 43856:11: Bye Bye [preauth]
May 12 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Disconnected from 87.106.108.106 port 43856 [preauth]
May 12 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Failed password for invalid user admin from 45.6.188.43 port 55874 ssh2
May 12 08:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Connection closed by 45.6.188.43 port 55874 [preauth]
May 12 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7834]: pam_unix(cron:session): session closed for user root
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9205]: pam_unix(cron:session): session closed for user p13x
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9279]: Successful su for rubyman by root
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9279]: + ??? root:rubyman
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377764 of user rubyman.
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9279]: pam_unix(su:session): session closed for user rubyman
May 12 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377764.
May 12 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session closed for user root
May 12 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session closed for user samftp
May 12 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session closed for user root
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9633]: pam_unix(cron:session): session closed for user root
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session closed for user p13x
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9701]: Successful su for rubyman by root
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9701]: + ??? root:rubyman
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377768 of user rubyman.
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9701]: pam_unix(su:session): session closed for user rubyman
May 12 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377768.
May 12 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session closed for user root
May 12 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6665]: pam_unix(cron:session): session closed for user root
May 12 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9629]: pam_unix(cron:session): session closed for user samftp
May 12 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session closed for user root
May 12 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10070]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10069]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10066]: pam_unix(cron:session): session closed for user p13x
May 12 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: Successful su for rubyman by root
May 12 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: + ??? root:rubyman
May 12 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377773 of user rubyman.
May 12 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: pam_unix(su:session): session closed for user rubyman
May 12 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377773.
May 12 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session closed for user root
May 12 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10068]: pam_unix(cron:session): session closed for user samftp
May 12 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session closed for user root
May 12 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.39.1.158  user=root
May 12 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: Failed password for root from 110.39.1.158 port 22797 ssh2
May 12 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: Connection closed by 110.39.1.158 port 22797 [preauth]
May 12 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Invalid user postgres from 34.123.134.194
May 12 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: input_userauth_request: invalid user postgres [preauth]
May 12 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user postgres from 34.123.134.194 port 44658 ssh2
May 12 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Received disconnect from 34.123.134.194 port 44658:11: Bye Bye [preauth]
May 12 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Disconnected from 34.123.134.194 port 44658 [preauth]
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10594]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session closed for user root
May 12 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10587]: pam_unix(cron:session): session closed for user p13x
May 12 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10691]: Successful su for rubyman by root
May 12 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10691]: + ??? root:rubyman
May 12 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377777 of user rubyman.
May 12 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10691]: pam_unix(su:session): session closed for user rubyman
May 12 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377777.
May 12 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7833]: pam_unix(cron:session): session closed for user root
May 12 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10592]: pam_unix(cron:session): session closed for user samftp
May 12 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9632]: pam_unix(cron:session): session closed for user root
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session closed for user p13x
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: Successful su for rubyman by root
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: + ??? root:rubyman
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377781 of user rubyman.
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: pam_unix(su:session): session closed for user rubyman
May 12 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377781.
May 12 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session closed for user root
May 12 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session closed for user samftp
May 12 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10070]: pam_unix(cron:session): session closed for user root
May 12 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Invalid user sshtunnel from 186.233.208.13
May 12 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: input_userauth_request: invalid user sshtunnel [preauth]
May 12 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Failed password for invalid user sshtunnel from 186.233.208.13 port 50574 ssh2
May 12 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Received disconnect from 186.233.208.13 port 50574:11: Bye Bye [preauth]
May 12 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Disconnected from 186.233.208.13 port 50574 [preauth]
May 12 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11433]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11434]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11431]: pam_unix(cron:session): session closed for user p13x
May 12 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: Successful su for rubyman by root
May 12 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: + ??? root:rubyman
May 12 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377785 of user rubyman.
May 12 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: pam_unix(su:session): session closed for user rubyman
May 12 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377785.
May 12 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8704]: pam_unix(cron:session): session closed for user root
May 12 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11432]: pam_unix(cron:session): session closed for user samftp
May 12 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10594]: pam_unix(cron:session): session closed for user root
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session closed for user root
May 12 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session closed for user p13x
May 12 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: Successful su for rubyman by root
May 12 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: + ??? root:rubyman
May 12 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377789 of user rubyman.
May 12 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: pam_unix(su:session): session closed for user rubyman
May 12 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377789.
May 12 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session closed for user root
May 12 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user root
May 12 08:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user samftp
May 12 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session closed for user root
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12251]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12248]: pam_unix(cron:session): session closed for user p13x
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: Successful su for rubyman by root
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: + ??? root:rubyman
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377795 of user rubyman.
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: pam_unix(su:session): session closed for user rubyman
May 12 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377795.
May 12 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9631]: pam_unix(cron:session): session closed for user root
May 12 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12249]: pam_unix(cron:session): session closed for user samftp
May 12 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: Failed password for root from 34.123.134.194 port 51900 ssh2
May 12 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: Received disconnect from 34.123.134.194 port 51900:11: Bye Bye [preauth]
May 12 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: Disconnected from 34.123.134.194 port 51900 [preauth]
May 12 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11434]: pam_unix(cron:session): session closed for user root
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12658]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12657]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session closed for user p13x
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: Successful su for rubyman by root
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: + ??? root:rubyman
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377800 of user rubyman.
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: pam_unix(su:session): session closed for user rubyman
May 12 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377800.
May 12 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10069]: pam_unix(cron:session): session closed for user root
May 12 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12656]: pam_unix(cron:session): session closed for user samftp
May 12 08:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session closed for user root
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session closed for user p13x
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13118]: Successful su for rubyman by root
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13118]: + ??? root:rubyman
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377804 of user rubyman.
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13118]: pam_unix(su:session): session closed for user rubyman
May 12 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377804.
May 12 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10593]: pam_unix(cron:session): session closed for user root
May 12 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13058]: pam_unix(cron:session): session closed for user samftp
May 12 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12251]: pam_unix(cron:session): session closed for user root
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13547]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session closed for user p13x
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13612]: Successful su for rubyman by root
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13612]: + ??? root:rubyman
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377807 of user rubyman.
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13612]: pam_unix(su:session): session closed for user rubyman
May 12 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377807.
May 12 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session closed for user root
May 12 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session closed for user samftp
May 12 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May 12 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: Failed password for root from 186.233.208.13 port 45738 ssh2
May 12 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: Received disconnect from 186.233.208.13 port 45738:11: Bye Bye [preauth]
May 12 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: Disconnected from 186.233.208.13 port 45738 [preauth]
May 12 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Failed password for root from 80.94.95.125 port 43817 ssh2
May 12 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Received disconnect from 80.94.95.125 port 43817:11: Bye [preauth]
May 12 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Disconnected from 80.94.95.125 port 43817 [preauth]
May 12 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12658]: pam_unix(cron:session): session closed for user root
May 12 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user root
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session closed for user p13x
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14031]: Successful su for rubyman by root
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14031]: + ??? root:rubyman
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377813 of user rubyman.
May 12 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14031]: pam_unix(su:session): session closed for user rubyman
May 12 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377813.
May 12 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user root
May 12 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11433]: pam_unix(cron:session): session closed for user root
May 12 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session closed for user samftp
May 12 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session closed for user root
May 12 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: Failed password for root from 218.92.0.179 port 64982 ssh2
May 12 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 64982 ssh2]
May 12 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: Received disconnect from 218.92.0.179 port 64982:11:  [preauth]
May 12 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: Disconnected from 218.92.0.179 port 64982 [preauth]
May 12 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14396]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session closed for user p13x
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: Successful su for rubyman by root
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: + ??? root:rubyman
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377817 of user rubyman.
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: pam_unix(su:session): session closed for user rubyman
May 12 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377817.
May 12 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session closed for user root
May 12 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session closed for user samftp
May 12 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Invalid user admin from 80.94.95.112
May 12 08:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: input_userauth_request: invalid user admin [preauth]
May 12 08:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 08:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for invalid user admin from 80.94.95.112 port 45466 ssh2
May 12 08:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for invalid user admin from 80.94.95.112 port 45466 ssh2
May 12 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for invalid user admin from 80.94.95.112 port 45466 ssh2
May 12 08:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for invalid user admin from 80.94.95.112 port 45466 ssh2
May 12 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for invalid user admin from 80.94.95.112 port 45466 ssh2
May 12 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Received disconnect from 80.94.95.112 port 45466:11: Bye [preauth]
May 12 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Disconnected from 80.94.95.112 port 45466 [preauth]
May 12 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Invalid user mirco from 34.123.134.194
May 12 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: input_userauth_request: invalid user mirco [preauth]
May 12 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Failed password for invalid user mirco from 34.123.134.194 port 59134 ssh2
May 12 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Received disconnect from 34.123.134.194 port 59134:11: Bye Bye [preauth]
May 12 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Disconnected from 34.123.134.194 port 59134 [preauth]
May 12 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session closed for user root
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14823]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session closed for user p13x
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14882]: Successful su for rubyman by root
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14882]: + ??? root:rubyman
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377822 of user rubyman.
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14882]: pam_unix(su:session): session closed for user rubyman
May 12 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377822.
May 12 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12250]: pam_unix(cron:session): session closed for user root
May 12 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session closed for user samftp
May 12 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user root
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15222]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session closed for user p13x
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: Successful su for rubyman by root
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: + ??? root:rubyman
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377826 of user rubyman.
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: pam_unix(su:session): session closed for user rubyman
May 12 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377826.
May 12 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12657]: pam_unix(cron:session): session closed for user root
May 12 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session closed for user samftp
May 12 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14396]: pam_unix(cron:session): session closed for user root
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15611]: pam_unix(cron:session): session closed for user p13x
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15669]: Successful su for rubyman by root
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15669]: + ??? root:rubyman
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377829 of user rubyman.
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15669]: pam_unix(su:session): session closed for user rubyman
May 12 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377829.
May 12 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session closed for user root
May 12 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15612]: pam_unix(cron:session): session closed for user samftp
May 12 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14823]: pam_unix(cron:session): session closed for user root
May 12 08:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Failed password for root from 218.92.0.179 port 45083 ssh2
May 12 08:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45083 ssh2]
May 12 08:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Received disconnect from 218.92.0.179 port 45083:11:  [preauth]
May 12 08:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Disconnected from 218.92.0.179 port 45083 [preauth]
May 12 08:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16013]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session closed for user root
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16010]: pam_unix(cron:session): session closed for user p13x
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: Successful su for rubyman by root
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: + ??? root:rubyman
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377835 of user rubyman.
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: pam_unix(su:session): session closed for user rubyman
May 12 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377835.
May 12 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16012]: pam_unix(cron:session): session closed for user root
May 12 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13547]: pam_unix(cron:session): session closed for user root
May 12 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session closed for user samftp
May 12 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Invalid user celka from 186.233.208.13
May 12 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: input_userauth_request: invalid user celka [preauth]
May 12 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Failed password for invalid user celka from 186.233.208.13 port 44214 ssh2
May 12 08:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Received disconnect from 186.233.208.13 port 44214:11: Bye Bye [preauth]
May 12 08:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Disconnected from 186.233.208.13 port 44214 [preauth]
May 12 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15223]: pam_unix(cron:session): session closed for user root
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16422]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session closed for user p13x
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: Successful su for rubyman by root
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: + ??? root:rubyman
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377841 of user rubyman.
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: pam_unix(su:session): session closed for user rubyman
May 12 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377841.
May 12 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user root
May 12 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16420]: pam_unix(cron:session): session closed for user samftp
May 12 08:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Invalid user test from 34.123.134.194
May 12 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: input_userauth_request: invalid user test [preauth]
May 12 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Failed password for root from 218.92.0.179 port 15236 ssh2
May 12 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Failed password for invalid user test from 34.123.134.194 port 38140 ssh2
May 12 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Received disconnect from 34.123.134.194 port 38140:11: Bye Bye [preauth]
May 12 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Disconnected from 34.123.134.194 port 38140 [preauth]
May 12 08:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Failed password for root from 218.92.0.179 port 15236 ssh2
May 12 08:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Failed password for root from 218.92.0.179 port 15236 ssh2
May 12 08:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Received disconnect from 218.92.0.179 port 15236:11:  [preauth]
May 12 08:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Disconnected from 218.92.0.179 port 15236 [preauth]
May 12 08:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15614]: pam_unix(cron:session): session closed for user root
May 12 08:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 08:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: Failed password for root from 50.235.31.47 port 55378 ssh2
May 12 08:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: Connection closed by 50.235.31.47 port 55378 [preauth]
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16913]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16903]: pam_unix(cron:session): session closed for user p13x
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16984]: Successful su for rubyman by root
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16984]: + ??? root:rubyman
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377844 of user rubyman.
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16984]: pam_unix(su:session): session closed for user rubyman
May 12 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377844.
May 12 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session closed for user root
May 12 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session closed for user samftp
May 12 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session closed for user root
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17326]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17323]: pam_unix(cron:session): session closed for user p13x
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17383]: Successful su for rubyman by root
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17383]: + ??? root:rubyman
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377848 of user rubyman.
May 12 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17383]: pam_unix(su:session): session closed for user rubyman
May 12 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377848.
May 12 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session closed for user root
May 12 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17324]: pam_unix(cron:session): session closed for user samftp
May 12 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16422]: pam_unix(cron:session): session closed for user root
May 12 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17739]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session closed for user p13x
May 12 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: Successful su for rubyman by root
May 12 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: + ??? root:rubyman
May 12 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377853 of user rubyman.
May 12 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: pam_unix(su:session): session closed for user rubyman
May 12 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377853.
May 12 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15222]: pam_unix(cron:session): session closed for user root
May 12 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session closed for user samftp
May 12 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16913]: pam_unix(cron:session): session closed for user root
May 12 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Failed password for root from 175.211.69.197 port 41882 ssh2
May 12 08:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: message repeated 3 times: [ Failed password for root from 175.211.69.197 port 41882 ssh2]
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18260]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18260]: pam_unix(cron:session): session closed for user root
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session closed for user p13x
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: Successful su for rubyman by root
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: + ??? root:rubyman
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377856 of user rubyman.
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: pam_unix(su:session): session closed for user rubyman
May 12 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377856.
May 12 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Failed password for root from 175.211.69.197 port 41882 ssh2
May 12 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user root
May 12 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15613]: pam_unix(cron:session): session closed for user root
May 12 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Failed password for root from 175.211.69.197 port 41882 ssh2
May 12 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: error: maximum authentication attempts exceeded for root from 175.211.69.197 port 41882 ssh2 [preauth]
May 12 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Disconnecting: Too many authentication failures [preauth]
May 12 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user samftp
May 12 08:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: Failed password for root from 175.211.69.197 port 42870 ssh2
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: message repeated 5 times: [ Failed password for root from 175.211.69.197 port 42870 ssh2]
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: error: maximum authentication attempts exceeded for root from 175.211.69.197 port 42870 ssh2 [preauth]
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: Disconnecting: Too many authentication failures [preauth]
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for root from 218.92.0.179 port 33713 ssh2
May 12 08:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for root from 218.92.0.179 port 33713 ssh2
May 12 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for root from 218.92.0.179 port 33713 ssh2
May 12 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Received disconnect from 218.92.0.179 port 33713:11:  [preauth]
May 12 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Disconnected from 218.92.0.179 port 33713 [preauth]
May 12 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17326]: pam_unix(cron:session): session closed for user root
May 12 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Failed password for root from 175.211.69.197 port 43946 ssh2
May 12 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: message repeated 5 times: [ Failed password for root from 175.211.69.197 port 43946 ssh2]
May 12 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: error: maximum authentication attempts exceeded for root from 175.211.69.197 port 43946 ssh2 [preauth]
May 12 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Disconnecting: Too many authentication failures [preauth]
May 12 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Invalid user minikube from 186.233.208.13
May 12 08:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: input_userauth_request: invalid user minikube [preauth]
May 12 08:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for invalid user minikube from 186.233.208.13 port 45234 ssh2
May 12 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Received disconnect from 186.233.208.13 port 45234:11: Bye Bye [preauth]
May 12 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Disconnected from 186.233.208.13 port 45234 [preauth]
May 12 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197  user=root
May 12 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Failed password for root from 175.211.69.197 port 45082 ssh2
May 12 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Received disconnect from 175.211.69.197 port 45082:11: disconnected by user [preauth]
May 12 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Disconnected from 175.211.69.197 port 45082 [preauth]
May 12 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session closed for user p13x
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Invalid user wiebe from 34.123.134.194
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: input_userauth_request: invalid user wiebe [preauth]
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: Successful su for rubyman by root
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: + ??? root:rubyman
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377861 of user rubyman.
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: pam_unix(su:session): session closed for user rubyman
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377861.
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Invalid user admin from 175.211.69.197
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: input_userauth_request: invalid user admin [preauth]
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Failed password for invalid user wiebe from 34.123.134.194 port 45370 ssh2
May 12 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Received disconnect from 34.123.134.194 port 45370:11: Bye Bye [preauth]
May 12 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Disconnected from 34.123.134.194 port 45370 [preauth]
May 12 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16013]: pam_unix(cron:session): session closed for user root
May 12 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user admin from 175.211.69.197 port 45582 ssh2
May 12 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user samftp
May 12 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user admin from 175.211.69.197 port 45582 ssh2
May 12 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user admin from 175.211.69.197 port 45582 ssh2
May 12 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user admin from 175.211.69.197 port 45582 ssh2
May 12 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user admin from 175.211.69.197 port 45582 ssh2
May 12 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user admin from 175.211.69.197 port 45582 ssh2
May 12 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: error: maximum authentication attempts exceeded for invalid user admin from 175.211.69.197 port 45582 ssh2 [preauth]
May 12 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Disconnecting: Too many authentication failures [preauth]
May 12 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Invalid user admin from 175.211.69.197
May 12 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: input_userauth_request: invalid user admin [preauth]
May 12 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 175.211.69.197 port 46558 ssh2
May 12 08:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 175.211.69.197 port 46558 ssh2
May 12 08:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 175.211.69.197 port 46558 ssh2
May 12 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 175.211.69.197 port 46558 ssh2
May 12 08:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 175.211.69.197 port 46558 ssh2
May 12 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session closed for user root
May 12 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 175.211.69.197 port 46558 ssh2
May 12 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: error: maximum authentication attempts exceeded for invalid user admin from 175.211.69.197 port 46558 ssh2 [preauth]
May 12 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Disconnecting: Too many authentication failures [preauth]
May 12 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Invalid user admin from 175.211.69.197
May 12 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: input_userauth_request: invalid user admin [preauth]
May 12 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Failed password for invalid user admin from 175.211.69.197 port 47612 ssh2
May 12 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: Failed password for root from 218.92.0.179 port 64048 ssh2
May 12 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Failed password for invalid user admin from 175.211.69.197 port 47612 ssh2
May 12 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: Failed password for root from 218.92.0.179 port 64048 ssh2
May 12 08:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Failed password for invalid user admin from 175.211.69.197 port 47612 ssh2
May 12 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: Failed password for root from 218.92.0.179 port 64048 ssh2
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: Received disconnect from 218.92.0.179 port 64048:11:  [preauth]
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: Disconnected from 218.92.0.179 port 64048 [preauth]
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19090]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Failed password for invalid user admin from 175.211.69.197 port 47612 ssh2
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Received disconnect from 175.211.69.197 port 47612:11: disconnected by user [preauth]
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Disconnected from 175.211.69.197 port 47612 [preauth]
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: PAM service(sshd) ignoring max retries; 4 > 3
May 12 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Invalid user oracle from 175.211.69.197
May 12 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: input_userauth_request: invalid user oracle [preauth]
May 12 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user oracle from 175.211.69.197 port 48358 ssh2
May 12 08:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19142]: pam_unix(cron:session): session closed for user p13x
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19201]: Successful su for rubyman by root
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19201]: + ??? root:rubyman
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377865 of user rubyman.
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19201]: pam_unix(su:session): session closed for user rubyman
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377865.
May 12 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user oracle from 175.211.69.197 port 48358 ssh2
May 12 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user oracle from 175.211.69.197 port 48358 ssh2
May 12 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16421]: pam_unix(cron:session): session closed for user root
May 12 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user oracle from 175.211.69.197 port 48358 ssh2
May 12 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session closed for user samftp
May 12 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user oracle from 175.211.69.197 port 48358 ssh2
May 12 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user oracle from 175.211.69.197 port 48358 ssh2
May 12 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: maximum authentication attempts exceeded for invalid user oracle from 175.211.69.197 port 48358 ssh2 [preauth]
May 12 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Disconnecting: Too many authentication failures [preauth]
May 12 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Invalid user oracle from 175.211.69.197
May 12 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: input_userauth_request: invalid user oracle [preauth]
May 12 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Failed password for invalid user oracle from 175.211.69.197 port 49270 ssh2
May 12 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Failed password for invalid user oracle from 175.211.69.197 port 49270 ssh2
May 12 08:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Failed password for invalid user oracle from 175.211.69.197 port 49270 ssh2
May 12 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Failed password for invalid user oracle from 175.211.69.197 port 49270 ssh2
May 12 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Failed password for invalid user oracle from 175.211.69.197 port 49270 ssh2
May 12 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Failed password for invalid user oracle from 175.211.69.197 port 49270 ssh2
May 12 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: error: maximum authentication attempts exceeded for invalid user oracle from 175.211.69.197 port 49270 ssh2 [preauth]
May 12 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: Disconnecting: Too many authentication failures [preauth]
May 12 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19395]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Invalid user oracle from 175.211.69.197
May 12 08:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: input_userauth_request: invalid user oracle [preauth]
May 12 08:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Failed password for invalid user oracle from 175.211.69.197 port 50032 ssh2
May 12 08:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user root
May 12 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Failed password for invalid user oracle from 175.211.69.197 port 50032 ssh2
May 12 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Received disconnect from 175.211.69.197 port 50032:11: disconnected by user [preauth]
May 12 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Disconnected from 175.211.69.197 port 50032 [preauth]
May 12 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Invalid user usuario from 175.211.69.197
May 12 08:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: input_userauth_request: invalid user usuario [preauth]
May 12 08:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user usuario from 175.211.69.197 port 50460 ssh2
May 12 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user usuario from 175.211.69.197 port 50460 ssh2
May 12 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user usuario from 175.211.69.197 port 50460 ssh2
May 12 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user usuario from 175.211.69.197 port 50460 ssh2
May 12 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user usuario from 175.211.69.197 port 50460 ssh2
May 12 08:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user usuario from 175.211.69.197 port 50460 ssh2
May 12 08:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: error: maximum authentication attempts exceeded for invalid user usuario from 175.211.69.197 port 50460 ssh2 [preauth]
May 12 08:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Disconnecting: Too many authentication failures [preauth]
May 12 08:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Invalid user usuario from 175.211.69.197
May 12 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: input_userauth_request: invalid user usuario [preauth]
May 12 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user usuario from 175.211.69.197 port 51328 ssh2
May 12 08:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user usuario from 175.211.69.197 port 51328 ssh2
May 12 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19556]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session closed for user p13x
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user usuario from 175.211.69.197 port 51328 ssh2
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19624]: Successful su for rubyman by root
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19624]: + ??? root:rubyman
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377869 of user rubyman.
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19624]: pam_unix(su:session): session closed for user rubyman
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377869.
May 12 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user usuario from 175.211.69.197 port 51328 ssh2
May 12 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session closed for user root
May 12 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user usuario from 175.211.69.197 port 51328 ssh2
May 12 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19554]: pam_unix(cron:session): session closed for user samftp
May 12 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user usuario from 175.211.69.197 port 51328 ssh2
May 12 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: error: maximum authentication attempts exceeded for invalid user usuario from 175.211.69.197 port 51328 ssh2 [preauth]
May 12 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Disconnecting: Too many authentication failures [preauth]
May 12 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Invalid user usuario from 175.211.69.197
May 12 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: input_userauth_request: invalid user usuario [preauth]
May 12 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Failed password for invalid user usuario from 175.211.69.197 port 52244 ssh2
May 12 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Failed password for invalid user usuario from 175.211.69.197 port 52244 ssh2
May 12 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Received disconnect from 175.211.69.197 port 52244:11: disconnected by user [preauth]
May 12 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Disconnected from 175.211.69.197 port 52244 [preauth]
May 12 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Invalid user test from 175.211.69.197
May 12 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: input_userauth_request: invalid user test [preauth]
May 12 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for invalid user test from 175.211.69.197 port 52784 ssh2
May 12 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Failed password for root from 218.92.0.179 port 16577 ssh2
May 12 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for invalid user test from 175.211.69.197 port 52784 ssh2
May 12 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Failed password for root from 218.92.0.179 port 16577 ssh2
May 12 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Failed password for root from 80.94.95.125 port 47377 ssh2
May 12 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Received disconnect from 80.94.95.125 port 47377:11: Bye [preauth]
May 12 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Disconnected from 80.94.95.125 port 47377 [preauth]
May 12 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for invalid user test from 175.211.69.197 port 52784 ssh2
May 12 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Failed password for root from 218.92.0.179 port 16577 ssh2
May 12 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Received disconnect from 218.92.0.179 port 16577:11:  [preauth]
May 12 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Disconnected from 218.92.0.179 port 16577 [preauth]
May 12 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for invalid user test from 175.211.69.197 port 52784 ssh2
May 12 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for invalid user test from 175.211.69.197 port 52784 ssh2
May 12 08:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session closed for user root
May 12 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for invalid user test from 175.211.69.197 port 52784 ssh2
May 12 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: error: maximum authentication attempts exceeded for invalid user test from 175.211.69.197 port 52784 ssh2 [preauth]
May 12 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Disconnecting: Too many authentication failures [preauth]
May 12 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Invalid user test from 175.211.69.197
May 12 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: input_userauth_request: invalid user test [preauth]
May 12 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user test from 175.211.69.197 port 53666 ssh2
May 12 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user test from 175.211.69.197 port 53666 ssh2
May 12 08:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user test from 175.211.69.197 port 53666 ssh2
May 12 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user test from 175.211.69.197 port 53666 ssh2
May 12 08:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user test from 175.211.69.197 port 53666 ssh2
May 12 08:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user test from 175.211.69.197 port 53666 ssh2
May 12 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: maximum authentication attempts exceeded for invalid user test from 175.211.69.197 port 53666 ssh2 [preauth]
May 12 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Disconnecting: Too many authentication failures [preauth]
May 12 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Invalid user test from 175.211.69.197
May 12 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: input_userauth_request: invalid user test [preauth]
May 12 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Failed password for invalid user test from 175.211.69.197 port 54778 ssh2
May 12 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19988]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19987]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session closed for user p13x
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Failed password for invalid user test from 175.211.69.197 port 54778 ssh2
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Received disconnect from 175.211.69.197 port 54778:11: disconnected by user [preauth]
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Disconnected from 175.211.69.197 port 54778 [preauth]
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: Successful su for rubyman by root
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: + ??? root:rubyman
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377873 of user rubyman.
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: pam_unix(su:session): session closed for user rubyman
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377873.
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session closed for user root
May 12 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session closed for user root
May 12 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Invalid user user from 175.211.69.197
May 12 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: input_userauth_request: invalid user user [preauth]
May 12 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19986]: pam_unix(cron:session): session closed for user samftp
May 12 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user user from 175.211.69.197 port 55220 ssh2
May 12 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user user from 175.211.69.197 port 55220 ssh2
May 12 08:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user user from 175.211.69.197 port 55220 ssh2
May 12 08:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user user from 175.211.69.197 port 55220 ssh2
May 12 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user user from 175.211.69.197 port 55220 ssh2
May 12 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user user from 175.211.69.197 port 55220 ssh2
May 12 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: maximum authentication attempts exceeded for invalid user user from 175.211.69.197 port 55220 ssh2 [preauth]
May 12 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Disconnecting: Too many authentication failures [preauth]
May 12 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Invalid user user from 175.211.69.197
May 12 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: input_userauth_request: invalid user user [preauth]
May 12 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user user from 175.211.69.197 port 56148 ssh2
May 12 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user user from 175.211.69.197 port 56148 ssh2
May 12 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user user from 175.211.69.197 port 56148 ssh2
May 12 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user user from 175.211.69.197 port 56148 ssh2
May 12 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user user from 175.211.69.197 port 56148 ssh2
May 12 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session closed for user root
May 12 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user user from 175.211.69.197 port 56148 ssh2
May 12 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: error: maximum authentication attempts exceeded for invalid user user from 175.211.69.197 port 56148 ssh2 [preauth]
May 12 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Disconnecting: Too many authentication failures [preauth]
May 12 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Invalid user user from 175.211.69.197
May 12 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: input_userauth_request: invalid user user [preauth]
May 12 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Failed password for invalid user user from 175.211.69.197 port 57098 ssh2
May 12 08:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Failed password for invalid user user from 175.211.69.197 port 57098 ssh2
May 12 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Failed password for invalid user user from 175.211.69.197 port 57098 ssh2
May 12 08:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Failed password for invalid user user from 175.211.69.197 port 57098 ssh2
May 12 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Received disconnect from 175.211.69.197 port 57098:11: disconnected by user [preauth]
May 12 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Disconnected from 175.211.69.197 port 57098 [preauth]
May 12 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: PAM service(sshd) ignoring max retries; 4 > 3
May 12 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Invalid user ftpuser from 175.211.69.197
May 12 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: input_userauth_request: invalid user ftpuser [preauth]
May 12 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user ftpuser from 175.211.69.197 port 57796 ssh2
May 12 08:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user ftpuser from 175.211.69.197 port 57796 ssh2
May 12 08:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
May 12 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20491]: pam_unix(cron:session): session closed for user p13x
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: Successful su for rubyman by root
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: + ??? root:rubyman
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377881 of user rubyman.
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: pam_unix(su:session): session closed for user rubyman
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377881.
May 12 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user ftpuser from 175.211.69.197 port 57796 ssh2
May 12 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user root
May 12 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user ftpuser from 175.211.69.197 port 57796 ssh2
May 12 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17739]: pam_unix(cron:session): session closed for user root
May 12 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session closed for user samftp
May 12 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user ftpuser from 175.211.69.197 port 57796 ssh2
May 12 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user ftpuser from 175.211.69.197 port 57796 ssh2
May 12 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: error: maximum authentication attempts exceeded for invalid user ftpuser from 175.211.69.197 port 57796 ssh2 [preauth]
May 12 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Disconnecting: Too many authentication failures [preauth]
May 12 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Invalid user ftpuser from 175.211.69.197
May 12 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: input_userauth_request: invalid user ftpuser [preauth]
May 12 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ftpuser from 175.211.69.197 port 58840 ssh2
May 12 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ftpuser from 175.211.69.197 port 58840 ssh2
May 12 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ftpuser from 175.211.69.197 port 58840 ssh2
May 12 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ftpuser from 175.211.69.197 port 58840 ssh2
May 12 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ftpuser from 175.211.69.197 port 58840 ssh2
May 12 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ftpuser from 175.211.69.197 port 58840 ssh2
May 12 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: error: maximum authentication attempts exceeded for invalid user ftpuser from 175.211.69.197 port 58840 ssh2 [preauth]
May 12 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Disconnecting: Too many authentication failures [preauth]
May 12 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Invalid user ftpuser from 175.211.69.197
May 12 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: input_userauth_request: invalid user ftpuser [preauth]
May 12 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19556]: pam_unix(cron:session): session closed for user root
May 12 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for invalid user ftpuser from 175.211.69.197 port 59774 ssh2
May 12 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for invalid user ftpuser from 175.211.69.197 port 59774 ssh2
May 12 08:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for invalid user ftpuser from 175.211.69.197 port 59774 ssh2
May 12 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for invalid user ftpuser from 175.211.69.197 port 59774 ssh2
May 12 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Received disconnect from 175.211.69.197 port 59774:11: disconnected by user [preauth]
May 12 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Disconnected from 175.211.69.197 port 59774 [preauth]
May 12 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: PAM service(sshd) ignoring max retries; 4 > 3
May 12 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Invalid user test1 from 175.211.69.197
May 12 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: input_userauth_request: invalid user test1 [preauth]
May 12 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user test1 from 175.211.69.197 port 60458 ssh2
May 12 08:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Invalid user marcus from 34.123.134.194
May 12 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: input_userauth_request: invalid user marcus [preauth]
May 12 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user test1 from 175.211.69.197 port 60458 ssh2
May 12 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Failed password for invalid user marcus from 34.123.134.194 port 52610 ssh2
May 12 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Received disconnect from 34.123.134.194 port 52610:11: Bye Bye [preauth]
May 12 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Disconnected from 34.123.134.194 port 52610 [preauth]
May 12 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user test1 from 175.211.69.197 port 60458 ssh2
May 12 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user test1 from 175.211.69.197 port 60458 ssh2
May 12 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user test1 from 175.211.69.197 port 60458 ssh2
May 12 08:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user test1 from 175.211.69.197 port 60458 ssh2
May 12 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: error: maximum authentication attempts exceeded for invalid user test1 from 175.211.69.197 port 60458 ssh2 [preauth]
May 12 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Disconnecting: Too many authentication failures [preauth]
May 12 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20950]: pam_unix(cron:session): session closed for user p13x
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: Successful su for rubyman by root
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: + ??? root:rubyman
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377885 of user rubyman.
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: pam_unix(su:session): session closed for user rubyman
May 12 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377885.
May 12 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Invalid user test1 from 175.211.69.197
May 12 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: input_userauth_request: invalid user test1 [preauth]
May 12 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session closed for user root
May 12 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user test1 from 175.211.69.197 port 33294 ssh2
May 12 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session closed for user samftp
May 12 08:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user test1 from 175.211.69.197 port 33294 ssh2
May 12 08:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user test1 from 175.211.69.197 port 33294 ssh2
May 12 08:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user test1 from 175.211.69.197 port 33294 ssh2
May 12 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user test1 from 175.211.69.197 port 33294 ssh2
May 12 08:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user test1 from 175.211.69.197 port 33294 ssh2
May 12 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: maximum authentication attempts exceeded for invalid user test1 from 175.211.69.197 port 33294 ssh2 [preauth]
May 12 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Disconnecting: Too many authentication failures [preauth]
May 12 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Invalid user test1 from 175.211.69.197
May 12 08:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: input_userauth_request: invalid user test1 [preauth]
May 12 08:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Failed password for invalid user test1 from 175.211.69.197 port 34264 ssh2
May 12 08:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Failed password for invalid user test1 from 175.211.69.197 port 34264 ssh2
May 12 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Received disconnect from 175.211.69.197 port 34264:11: disconnected by user [preauth]
May 12 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Disconnected from 175.211.69.197 port 34264 [preauth]
May 12 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Invalid user test2 from 175.211.69.197
May 12 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: input_userauth_request: invalid user test2 [preauth]
May 12 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user test2 from 175.211.69.197 port 34692 ssh2
May 12 08:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user test2 from 175.211.69.197 port 34692 ssh2
May 12 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19988]: pam_unix(cron:session): session closed for user root
May 12 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Invalid user temp from 186.233.208.13
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: input_userauth_request: invalid user temp [preauth]
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: Invalid user cheng from 190.103.202.7
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: input_userauth_request: invalid user cheng [preauth]
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user test2 from 175.211.69.197 port 34692 ssh2
May 12 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Failed password for invalid user temp from 186.233.208.13 port 45678 ssh2
May 12 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Received disconnect from 186.233.208.13 port 45678:11: Bye Bye [preauth]
May 12 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Disconnected from 186.233.208.13 port 45678 [preauth]
May 12 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: Failed password for invalid user cheng from 190.103.202.7 port 48494 ssh2
May 12 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: Connection closed by 190.103.202.7 port 48494 [preauth]
May 12 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user test2 from 175.211.69.197 port 34692 ssh2
May 12 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user test2 from 175.211.69.197 port 34692 ssh2
May 12 08:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user test2 from 175.211.69.197 port 34692 ssh2
May 12 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: error: maximum authentication attempts exceeded for invalid user test2 from 175.211.69.197 port 34692 ssh2 [preauth]
May 12 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Disconnecting: Too many authentication failures [preauth]
May 12 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Invalid user test2 from 175.211.69.197
May 12 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: input_userauth_request: invalid user test2 [preauth]
May 12 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user test2 from 175.211.69.197 port 35672 ssh2
May 12 08:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user test2 from 175.211.69.197 port 35672 ssh2
May 12 08:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user test2 from 175.211.69.197 port 35672 ssh2
May 12 08:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user test2 from 175.211.69.197 port 35672 ssh2
May 12 08:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user test2 from 175.211.69.197 port 35672 ssh2
May 12 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21410]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session closed for user p13x
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: Successful su for rubyman by root
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: + ??? root:rubyman
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377888 of user rubyman.
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: pam_unix(su:session): session closed for user rubyman
May 12 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377888.
May 12 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user test2 from 175.211.69.197 port 35672 ssh2
May 12 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: error: maximum authentication attempts exceeded for invalid user test2 from 175.211.69.197 port 35672 ssh2 [preauth]
May 12 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Disconnecting: Too many authentication failures [preauth]
May 12 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session closed for user root
May 12 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Invalid user test2 from 175.211.69.197
May 12 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: input_userauth_request: invalid user test2 [preauth]
May 12 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session closed for user samftp
May 12 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Failed password for invalid user test2 from 175.211.69.197 port 36658 ssh2
May 12 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Failed password for invalid user test2 from 175.211.69.197 port 36658 ssh2
May 12 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Received disconnect from 175.211.69.197 port 36658:11: disconnected by user [preauth]
May 12 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Disconnected from 175.211.69.197 port 36658 [preauth]
May 12 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Invalid user ubuntu from 175.211.69.197
May 12 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: input_userauth_request: invalid user ubuntu [preauth]
May 12 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for invalid user ubuntu from 175.211.69.197 port 37100 ssh2
May 12 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for invalid user ubuntu from 175.211.69.197 port 37100 ssh2
May 12 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for invalid user ubuntu from 175.211.69.197 port 37100 ssh2
May 12 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for invalid user ubuntu from 175.211.69.197 port 37100 ssh2
May 12 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for invalid user ubuntu from 175.211.69.197 port 37100 ssh2
May 12 08:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for invalid user ubuntu from 175.211.69.197 port 37100 ssh2
May 12 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: error: maximum authentication attempts exceeded for invalid user ubuntu from 175.211.69.197 port 37100 ssh2 [preauth]
May 12 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Disconnecting: Too many authentication failures [preauth]
May 12 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Invalid user ubuntu from 175.211.69.197
May 12 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: input_userauth_request: invalid user ubuntu [preauth]
May 12 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Failed password for invalid user ubuntu from 175.211.69.197 port 37976 ssh2
May 12 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session closed for user root
May 12 08:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Failed password for invalid user ubuntu from 175.211.69.197 port 37976 ssh2
May 12 08:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Failed password for invalid user ubuntu from 175.211.69.197 port 37976 ssh2
May 12 08:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Failed password for invalid user ubuntu from 175.211.69.197 port 37976 ssh2
May 12 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Failed password for invalid user ubuntu from 175.211.69.197 port 37976 ssh2
May 12 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Failed password for invalid user ubuntu from 175.211.69.197 port 37976 ssh2
May 12 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: error: maximum authentication attempts exceeded for invalid user ubuntu from 175.211.69.197 port 37976 ssh2 [preauth]
May 12 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: Disconnecting: Too many authentication failures [preauth]
May 12 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21860]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Invalid user ubuntu from 175.211.69.197
May 12 08:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: input_userauth_request: invalid user ubuntu [preauth]
May 12 08:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for invalid user ubuntu from 175.211.69.197 port 38896 ssh2
May 12 08:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for invalid user ubuntu from 175.211.69.197 port 38896 ssh2
May 12 08:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for invalid user ubuntu from 175.211.69.197 port 38896 ssh2
May 12 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for invalid user ubuntu from 175.211.69.197 port 38896 ssh2
May 12 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Received disconnect from 175.211.69.197 port 38896:11: disconnected by user [preauth]
May 12 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Disconnected from 175.211.69.197 port 38896 [preauth]
May 12 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: PAM service(sshd) ignoring max retries; 4 > 3
May 12 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22152]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user p13x
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22216]: Successful su for rubyman by root
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22216]: + ??? root:rubyman
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377892 of user rubyman.
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22216]: pam_unix(su:session): session closed for user rubyman
May 12 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377892.
May 12 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user root
May 12 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Invalid user pi from 175.211.69.197
May 12 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: input_userauth_request: invalid user pi [preauth]
May 12 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user samftp
May 12 08:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user pi from 175.211.69.197 port 39684 ssh2
May 12 08:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user pi from 175.211.69.197 port 39684 ssh2
May 12 08:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user pi from 175.211.69.197 port 39684 ssh2
May 12 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user pi from 175.211.69.197 port 39684 ssh2
May 12 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Received disconnect from 175.211.69.197 port 39684:11: disconnected by user [preauth]
May 12 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Disconnected from 175.211.69.197 port 39684 [preauth]
May 12 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: PAM service(sshd) ignoring max retries; 4 > 3
May 12 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Invalid user baikal from 175.211.69.197
May 12 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: input_userauth_request: invalid user baikal [preauth]
May 12 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.211.69.197
May 12 08:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Failed password for invalid user baikal from 175.211.69.197 port 40414 ssh2
May 12 08:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Received disconnect from 175.211.69.197 port 40414:11: disconnected by user [preauth]
May 12 08:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Disconnected from 175.211.69.197 port 40414 [preauth]
May 12 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session closed for user root
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22629]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user p13x
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22695]: Successful su for rubyman by root
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22695]: + ??? root:rubyman
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377897 of user rubyman.
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22695]: pam_unix(su:session): session closed for user rubyman
May 12 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377897.
May 12 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session closed for user root
May 12 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session closed for user samftp
May 12 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21411]: pam_unix(cron:session): session closed for user root
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23087]: pam_unix(cron:session): session closed for user p13x
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: Successful su for rubyman by root
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: + ??? root:rubyman
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377902 of user rubyman.
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: pam_unix(su:session): session closed for user rubyman
May 12 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377902.
May 12 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session closed for user root
May 12 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19987]: pam_unix(cron:session): session closed for user root
May 12 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session closed for user samftp
May 12 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22152]: pam_unix(cron:session): session closed for user root
May 12 08:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Invalid user odoo from 34.123.134.194
May 12 08:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: input_userauth_request: invalid user odoo [preauth]
May 12 08:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Failed password for invalid user odoo from 34.123.134.194 port 59848 ssh2
May 12 08:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Received disconnect from 34.123.134.194 port 59848:11: Bye Bye [preauth]
May 12 08:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Disconnected from 34.123.134.194 port 59848 [preauth]
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23637]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user p13x
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: Successful su for rubyman by root
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: + ??? root:rubyman
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377906 of user rubyman.
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: pam_unix(su:session): session closed for user rubyman
May 12 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377906.
May 12 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user root
May 12 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session closed for user samftp
May 12 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22629]: pam_unix(cron:session): session closed for user root
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24165]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24166]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24163]: pam_unix(cron:session): session closed for user p13x
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: Successful su for rubyman by root
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: + ??? root:rubyman
May 12 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377910 of user rubyman.
May 12 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: pam_unix(su:session): session closed for user rubyman
May 12 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377910.
May 12 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session closed for user root
May 12 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24164]: pam_unix(cron:session): session closed for user samftp
May 12 08:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 08:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: Failed password for root from 193.70.84.184 port 47080 ssh2
May 12 08:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: Connection closed by 193.70.84.184 port 47080 [preauth]
May 12 08:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: Invalid user luna from 186.233.208.13
May 12 08:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: input_userauth_request: invalid user luna [preauth]
May 12 08:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: Failed password for invalid user luna from 186.233.208.13 port 57888 ssh2
May 12 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: Received disconnect from 186.233.208.13 port 57888:11: Bye Bye [preauth]
May 12 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24488]: Disconnected from 186.233.208.13 port 57888 [preauth]
May 12 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user root
May 12 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session closed for user p13x
May 12 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24674]: Successful su for rubyman by root
May 12 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24674]: + ??? root:rubyman
May 12 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377914 of user rubyman.
May 12 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24674]: pam_unix(su:session): session closed for user rubyman
May 12 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377914.
May 12 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21410]: pam_unix(cron:session): session closed for user root
May 12 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user samftp
May 12 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23637]: pam_unix(cron:session): session closed for user root
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25028]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session closed for user p13x
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: Successful su for rubyman by root
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: + ??? root:rubyman
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377920 of user rubyman.
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: pam_unix(su:session): session closed for user rubyman
May 12 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377920.
May 12 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session closed for user root
May 12 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25022]: pam_unix(cron:session): session closed for user samftp
May 12 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24166]: pam_unix(cron:session): session closed for user root
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25446]: pam_unix(cron:session): session closed for user root
May 12 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session closed for user p13x
May 12 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25508]: Successful su for rubyman by root
May 12 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25508]: + ??? root:rubyman
May 12 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377925 of user rubyman.
May 12 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25508]: pam_unix(su:session): session closed for user rubyman
May 12 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377925.
May 12 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user root
May 12 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session closed for user root
May 12 08:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session closed for user samftp
May 12 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Invalid user test from 34.123.134.194
May 12 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: input_userauth_request: invalid user test [preauth]
May 12 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Failed password for invalid user test from 34.123.134.194 port 38852 ssh2
May 12 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Received disconnect from 34.123.134.194 port 38852:11: Bye Bye [preauth]
May 12 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Disconnected from 34.123.134.194 port 38852 [preauth]
May 12 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session closed for user root
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session closed for user p13x
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: Successful su for rubyman by root
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: + ??? root:rubyman
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377928 of user rubyman.
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: pam_unix(su:session): session closed for user rubyman
May 12 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377928.
May 12 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session closed for user root
May 12 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user samftp
May 12 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25028]: pam_unix(cron:session): session closed for user root
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session closed for user p13x
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26525]: Successful su for rubyman by root
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26525]: + ??? root:rubyman
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377932 of user rubyman.
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26525]: pam_unix(su:session): session closed for user rubyman
May 12 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377932.
May 12 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session closed for user root
May 12 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session closed for user samftp
May 12 08:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: Invalid user admin from 80.94.95.125
May 12 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: input_userauth_request: invalid user admin [preauth]
May 12 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 08:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: Failed password for invalid user admin from 80.94.95.125 port 38413 ssh2
May 12 08:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: Received disconnect from 80.94.95.125 port 38413:11: Bye [preauth]
May 12 08:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: Disconnected from 80.94.95.125 port 38413 [preauth]
May 12 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session closed for user root
May 12 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session closed for user p13x
May 12 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: Successful su for rubyman by root
May 12 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: + ??? root:rubyman
May 12 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377937 of user rubyman.
May 12 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: pam_unix(su:session): session closed for user rubyman
May 12 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377937.
May 12 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24165]: pam_unix(cron:session): session closed for user root
May 12 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session closed for user samftp
May 12 08:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Invalid user vincent from 186.233.208.13
May 12 08:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: input_userauth_request: invalid user vincent [preauth]
May 12 08:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Failed password for invalid user vincent from 186.233.208.13 port 42110 ssh2
May 12 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Received disconnect from 186.233.208.13 port 42110:11: Bye Bye [preauth]
May 12 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Disconnected from 186.233.208.13 port 42110 [preauth]
May 12 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session closed for user root
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session closed for user p13x
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27558]: Successful su for rubyman by root
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27558]: + ??? root:rubyman
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377942 of user rubyman.
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27558]: pam_unix(su:session): session closed for user rubyman
May 12 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377942.
May 12 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user root
May 12 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session closed for user samftp
May 12 08:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: Failed password for root from 218.92.0.179 port 61111 ssh2
May 12 08:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61111 ssh2]
May 12 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session closed for user root
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session closed for user root
May 12 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27926]: pam_unix(cron:session): session closed for user p13x
May 12 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28001]: Successful su for rubyman by root
May 12 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28001]: + ??? root:rubyman
May 12 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377948 of user rubyman.
May 12 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28001]: pam_unix(su:session): session closed for user rubyman
May 12 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377948.
May 12 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session closed for user root
May 12 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session closed for user root
May 12 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27927]: pam_unix(cron:session): session closed for user samftp
May 12 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Failed password for root from 34.123.134.194 port 46082 ssh2
May 12 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Received disconnect from 34.123.134.194 port 46082:11: Bye Bye [preauth]
May 12 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Disconnected from 34.123.134.194 port 46082 [preauth]
May 12 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session closed for user root
May 12 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Invalid user artin from 14.103.118.107
May 12 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: input_userauth_request: invalid user artin [preauth]
May 12 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
May 12 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Failed password for invalid user artin from 14.103.118.107 port 39998 ssh2
May 12 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Received disconnect from 14.103.118.107 port 39998:11: Bye Bye [preauth]
May 12 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Disconnected from 14.103.118.107 port 39998 [preauth]
May 12 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session closed for user p13x
May 12 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28444]: Successful su for rubyman by root
May 12 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28444]: + ??? root:rubyman
May 12 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377950 of user rubyman.
May 12 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28444]: pam_unix(su:session): session closed for user rubyman
May 12 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377950.
May 12 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
May 12 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session closed for user samftp
May 12 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session closed for user root
May 12 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session closed for user p13x
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: Successful su for rubyman by root
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: + ??? root:rubyman
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377954 of user rubyman.
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session closed for user rubyman
May 12 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377954.
May 12 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user root
May 12 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session closed for user samftp
May 12 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session closed for user root
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29292]: pam_unix(cron:session): session closed for user p13x
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29356]: Successful su for rubyman by root
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29356]: + ??? root:rubyman
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377960 of user rubyman.
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29356]: pam_unix(su:session): session closed for user rubyman
May 12 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377960.
May 12 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26382]: pam_unix(cron:session): session closed for user root
May 12 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session closed for user samftp
May 12 08:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session closed for user root
May 12 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Invalid user arkserver from 186.233.208.13
May 12 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: input_userauth_request: invalid user arkserver [preauth]
May 12 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Failed password for invalid user arkserver from 186.233.208.13 port 38470 ssh2
May 12 08:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Received disconnect from 186.233.208.13 port 38470:11: Bye Bye [preauth]
May 12 08:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Disconnected from 186.233.208.13 port 38470 [preauth]
May 12 08:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.39.1.158  user=root
May 12 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: Failed password for root from 110.39.1.158 port 53352 ssh2
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29708]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29706]: pam_unix(cron:session): session closed for user p13x
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: Connection closed by 110.39.1.158 port 53352 [preauth]
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29771]: Successful su for rubyman by root
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29771]: + ??? root:rubyman
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377962 of user rubyman.
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29771]: pam_unix(su:session): session closed for user rubyman
May 12 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377962.
May 12 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session closed for user root
May 12 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29707]: pam_unix(cron:session): session closed for user samftp
May 12 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session closed for user root
May 12 08:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Invalid user admin from 80.94.95.112
May 12 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: input_userauth_request: invalid user admin [preauth]
May 12 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
May 12 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for invalid user admin from 80.94.95.112 port 28123 ssh2
May 12 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30117]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30118]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30115]: pam_unix(cron:session): session closed for user root
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session closed for user root
May 12 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30113]: pam_unix(cron:session): session closed for user p13x
May 12 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30206]: Successful su for rubyman by root
May 12 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30206]: + ??? root:rubyman
May 12 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377970 of user rubyman.
May 12 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30206]: pam_unix(su:session): session closed for user rubyman
May 12 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377970.
May 12 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for invalid user admin from 80.94.95.112 port 28123 ssh2
May 12 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session closed for user root
May 12 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30116]: pam_unix(cron:session): session closed for user root
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for invalid user admin from 80.94.95.112 port 28123 ssh2
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Invalid user ubuntu from 34.123.134.194
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: input_userauth_request: invalid user ubuntu [preauth]
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194
May 12 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30114]: pam_unix(cron:session): session closed for user samftp
May 12 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for invalid user admin from 80.94.95.112 port 28123 ssh2
May 12 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Failed password for invalid user ubuntu from 34.123.134.194 port 53310 ssh2
May 12 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Received disconnect from 34.123.134.194 port 53310:11: Bye Bye [preauth]
May 12 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Disconnected from 34.123.134.194 port 53310 [preauth]
May 12 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for invalid user admin from 80.94.95.112 port 28123 ssh2
May 12 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Received disconnect from 80.94.95.112 port 28123:11: Bye [preauth]
May 12 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Disconnected from 80.94.95.112 port 28123 [preauth]
May 12 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: Failed password for root from 218.92.0.179 port 11951 ssh2
May 12 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11951 ssh2]
May 12 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: Received disconnect from 218.92.0.179 port 11951:11:  [preauth]
May 12 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: Disconnected from 218.92.0.179 port 11951 [preauth]
May 12 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30414]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session closed for user root
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session closed for user p13x
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30673]: Successful su for rubyman by root
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30673]: + ??? root:rubyman
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377975 of user rubyman.
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30673]: pam_unix(su:session): session closed for user rubyman
May 12 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377975.
May 12 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session closed for user root
May 12 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session closed for user samftp
May 12 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29709]: pam_unix(cron:session): session closed for user root
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31103]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31100]: pam_unix(cron:session): session closed for user p13x
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: Successful su for rubyman by root
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: + ??? root:rubyman
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377978 of user rubyman.
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session closed for user rubyman
May 12 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377978.
May 12 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session closed for user root
May 12 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31101]: pam_unix(cron:session): session closed for user samftp
May 12 09:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Failed password for root from 195.158.24.42 port 39320 ssh2
May 12 09:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Received disconnect from 195.158.24.42 port 39320:11: Bye Bye [preauth]
May 12 09:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Disconnected from 195.158.24.42 port 39320 [preauth]
May 12 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30118]: pam_unix(cron:session): session closed for user root
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session closed for user p13x
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: Successful su for rubyman by root
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: + ??? root:rubyman
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377981 of user rubyman.
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: pam_unix(su:session): session closed for user rubyman
May 12 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377981.
May 12 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session closed for user root
May 12 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user samftp
May 12 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session closed for user root
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32040]: pam_unix(cron:session): session closed for user p13x
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: Successful su for rubyman by root
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: + ??? root:rubyman
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377985 of user rubyman.
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: pam_unix(su:session): session closed for user rubyman
May 12 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377985.
May 12 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session closed for user root
May 12 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32041]: pam_unix(cron:session): session closed for user samftp
May 12 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Invalid user ftp_oper from 185.93.89.118
May 12 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: input_userauth_request: invalid user ftp_oper [preauth]
May 12 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Failed password for invalid user ftp_oper from 185.93.89.118 port 28810 ssh2
May 12 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Connection closed by 185.93.89.118 port 28810 [preauth]
May 12 09:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Invalid user owner from 186.233.208.13
May 12 09:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: input_userauth_request: invalid user owner [preauth]
May 12 09:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Failed password for invalid user owner from 186.233.208.13 port 40366 ssh2
May 12 09:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Received disconnect from 186.233.208.13 port 40366:11: Bye Bye [preauth]
May 12 09:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Disconnected from 186.233.208.13 port 40366 [preauth]
May 12 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31103]: pam_unix(cron:session): session closed for user root
May 12 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Invalid user ftpguest from 185.93.89.118
May 12 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: input_userauth_request: invalid user ftpguest [preauth]
May 12 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user ftpguest from 185.93.89.118 port 39598 ssh2
May 12 09:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Connection closed by 185.93.89.118 port 39598 [preauth]
May 12 09:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: User ftp from 185.93.89.118 not allowed because not listed in AllowUsers
May 12 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: input_userauth_request: invalid user ftp [preauth]
May 12 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=ftp
May 12 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Failed password for invalid user ftp from 185.93.89.118 port 63422 ssh2
May 12 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Connection closed by 185.93.89.118 port 63422 [preauth]
May 12 09:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Failed password for root from 34.123.134.194 port 60552 ssh2
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user root
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Received disconnect from 34.123.134.194 port 60552:11: Bye Bye [preauth]
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Disconnected from 34.123.134.194 port 60552 [preauth]
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session closed for user p13x
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[416]: Successful su for rubyman by root
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[416]: + ??? root:rubyman
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377989 of user rubyman.
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[416]: pam_unix(su:session): session closed for user rubyman
May 12 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377989.
May 12 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29708]: pam_unix(cron:session): session closed for user root
May 12 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
May 12 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: Invalid user ftp-admin from 185.93.89.118
May 12 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: input_userauth_request: invalid user ftp-admin [preauth]
May 12 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: Failed password for invalid user ftp-admin from 185.93.89.118 port 35914 ssh2
May 12 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user samftp
May 12 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32759]: Connection closed by 185.93.89.118 port 35914 [preauth]
May 12 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Invalid user ftpuser1 from 185.93.89.118
May 12 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: input_userauth_request: invalid user ftpuser1 [preauth]
May 12 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Failed password for invalid user ftpuser1 from 185.93.89.118 port 52734 ssh2
May 12 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Connection closed by 185.93.89.118 port 52734 [preauth]
May 12 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
May 12 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[856]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session closed for user p13x
May 12 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[934]: Successful su for rubyman by root
May 12 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[934]: + ??? root:rubyman
May 12 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377995 of user rubyman.
May 12 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[934]: pam_unix(su:session): session closed for user rubyman
May 12 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377995.
May 12 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30117]: pam_unix(cron:session): session closed for user root
May 12 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session closed for user samftp
May 12 09:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for root from 80.94.95.125 port 61423 ssh2
May 12 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Received disconnect from 80.94.95.125 port 61423:11: Bye [preauth]
May 12 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Disconnected from 80.94.95.125 port 61423 [preauth]
May 12 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32043]: pam_unix(cron:session): session closed for user root
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1355]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1356]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1353]: pam_unix(cron:session): session closed for user p13x
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: Successful su for rubyman by root
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: + ??? root:rubyman
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 377999 of user rubyman.
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: pam_unix(su:session): session closed for user rubyman
May 12 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 377999.
May 12 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session closed for user root
May 12 09:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1354]: pam_unix(cron:session): session closed for user samftp
May 12 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user root
May 12 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Invalid user nurul from 195.158.24.42
May 12 09:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: input_userauth_request: invalid user nurul [preauth]
May 12 09:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Failed password for invalid user nurul from 195.158.24.42 port 32990 ssh2
May 12 09:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Received disconnect from 195.158.24.42 port 32990:11: Bye Bye [preauth]
May 12 09:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Disconnected from 195.158.24.42 port 32990 [preauth]
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1846]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session closed for user p13x
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1954]: Successful su for rubyman by root
May 12 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1954]: + ??? root:rubyman
May 12 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378005 of user rubyman.
May 12 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1954]: pam_unix(su:session): session closed for user rubyman
May 12 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378005.
May 12 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session closed for user root
May 12 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1845]: pam_unix(cron:session): session closed for user samftp
May 12 09:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 218.92.0.179 port 26045 ssh2
May 12 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[857]: pam_unix(cron:session): session closed for user root
May 12 09:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 218.92.0.179 port 26045 ssh2
May 12 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 218.92.0.179 port 26045 ssh2
May 12 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Received disconnect from 218.92.0.179 port 26045:11:  [preauth]
May 12 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Disconnected from 218.92.0.179 port 26045 [preauth]
May 12 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2335]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2332]: pam_unix(cron:session): session closed for user p13x
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2477]: Successful su for rubyman by root
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2477]: + ??? root:rubyman
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378007 of user rubyman.
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2477]: pam_unix(su:session): session closed for user rubyman
May 12 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378007.
May 12 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session closed for user root
May 12 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user root
May 12 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session closed for user samftp
May 12 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1356]: pam_unix(cron:session): session closed for user root
May 12 09:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.134.194  user=root
May 12 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Failed password for root from 34.123.134.194 port 39558 ssh2
May 12 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Received disconnect from 34.123.134.194 port 39558:11: Bye Bye [preauth]
May 12 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Disconnected from 34.123.134.194 port 39558 [preauth]
May 12 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Invalid user guest from 45.6.188.43
May 12 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: input_userauth_request: invalid user guest [preauth]
May 12 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Failed password for invalid user guest from 45.6.188.43 port 54982 ssh2
May 12 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Connection closed by 45.6.188.43 port 54982 [preauth]
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2887]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2890]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2890]: pam_unix(cron:session): session closed for user root
May 12 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session closed for user p13x
May 12 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: Successful su for rubyman by root
May 12 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: + ??? root:rubyman
May 12 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378015 of user rubyman.
May 12 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: pam_unix(su:session): session closed for user rubyman
May 12 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378015.
May 12 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2887]: pam_unix(cron:session): session closed for user root
May 12 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32042]: pam_unix(cron:session): session closed for user root
May 12 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2886]: pam_unix(cron:session): session closed for user samftp
May 12 09:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May 12 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Failed password for root from 186.233.208.13 port 58420 ssh2
May 12 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Received disconnect from 186.233.208.13 port 58420:11: Bye Bye [preauth]
May 12 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Disconnected from 186.233.208.13 port 58420 [preauth]
May 12 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session closed for user root
May 12 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Invalid user adam from 193.32.162.157
May 12 09:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: input_userauth_request: invalid user adam [preauth]
May 12 09:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Failed password for invalid user adam from 193.32.162.157 port 46042 ssh2
May 12 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Connection closed by 193.32.162.157 port 46042 [preauth]
May 12 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3331]: pam_unix(cron:session): session closed for user p13x
May 12 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: Successful su for rubyman by root
May 12 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: + ??? root:rubyman
May 12 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378018 of user rubyman.
May 12 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: pam_unix(su:session): session closed for user rubyman
May 12 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378018.
May 12 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Invalid user zyx from 193.32.162.157
May 12 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: input_userauth_request: invalid user zyx [preauth]
May 12 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session closed for user root
May 12 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Failed password for invalid user zyx from 193.32.162.157 port 22614 ssh2
May 12 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3332]: pam_unix(cron:session): session closed for user samftp
May 12 09:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Connection closed by 193.32.162.157 port 22614 [preauth]
May 12 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Invalid user aaa from 193.32.162.157
May 12 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: input_userauth_request: invalid user aaa [preauth]
May 12 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Failed password for invalid user aaa from 193.32.162.157 port 47844 ssh2
May 12 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Connection closed by 193.32.162.157 port 47844 [preauth]
May 12 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 218.92.0.179 port 26658 ssh2
May 12 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 218.92.0.179 port 26658 ssh2
May 12 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Invalid user acer from 193.32.162.157
May 12 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: input_userauth_request: invalid user acer [preauth]
May 12 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Failed password for invalid user acer from 193.32.162.157 port 14180 ssh2
May 12 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 218.92.0.179 port 26658 ssh2
May 12 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Received disconnect from 218.92.0.179 port 26658:11:  [preauth]
May 12 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Disconnected from 218.92.0.179 port 26658 [preauth]
May 12 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Connection closed by 193.32.162.157 port 14180 [preauth]
May 12 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session closed for user root
May 12 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Invalid user zt from 193.32.162.157
May 12 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: input_userauth_request: invalid user zt [preauth]
May 12 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Failed password for invalid user zt from 193.32.162.157 port 11006 ssh2
May 12 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Connection closed by 193.32.162.157 port 11006 [preauth]
May 12 09:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 09:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: Failed password for root from 218.92.0.231 port 44422 ssh2
May 12 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 44422 ssh2]
May 12 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: Received disconnect from 218.92.0.231 port 44422:11:  [preauth]
May 12 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: Disconnected from 218.92.0.231 port 44422 [preauth]
May 12 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3795]: pam_unix(cron:session): session closed for user p13x
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3855]: Successful su for rubyman by root
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3855]: + ??? root:rubyman
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378022 of user rubyman.
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3855]: pam_unix(su:session): session closed for user rubyman
May 12 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378022.
May 12 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[856]: pam_unix(cron:session): session closed for user root
May 12 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session closed for user samftp
May 12 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2889]: pam_unix(cron:session): session closed for user root
May 12 09:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Invalid user test from 195.158.24.42
May 12 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: input_userauth_request: invalid user test [preauth]
May 12 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Failed password for invalid user test from 195.158.24.42 port 59350 ssh2
May 12 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Received disconnect from 195.158.24.42 port 59350:11: Bye Bye [preauth]
May 12 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Disconnected from 195.158.24.42 port 59350 [preauth]
May 12 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session closed for user p13x
May 12 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: Successful su for rubyman by root
May 12 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: + ??? root:rubyman
May 12 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378026 of user rubyman.
May 12 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: pam_unix(su:session): session closed for user rubyman
May 12 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378026.
May 12 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1355]: pam_unix(cron:session): session closed for user root
May 12 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session closed for user samftp
May 12 09:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session closed for user root
May 12 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Received disconnect from 218.92.0.226 port 50884:11:  [preauth]
May 12 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Disconnected from 218.92.0.226 port 50884 [preauth]
May 12 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4815]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4809]: pam_unix(cron:session): session closed for user p13x
May 12 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: Successful su for rubyman by root
May 12 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: + ??? root:rubyman
May 12 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378031 of user rubyman.
May 12 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: pam_unix(su:session): session closed for user rubyman
May 12 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378031.
May 12 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1846]: pam_unix(cron:session): session closed for user root
May 12 09:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session closed for user samftp
May 12 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session closed for user root
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5418]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5417]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5419]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session closed for user root
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session closed for user p13x
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: Successful su for rubyman by root
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: + ??? root:rubyman
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378037 of user rubyman.
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: pam_unix(su:session): session closed for user rubyman
May 12 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378037.
May 12 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5417]: pam_unix(cron:session): session closed for user root
May 12 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2335]: pam_unix(cron:session): session closed for user root
May 12 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5416]: pam_unix(cron:session): session closed for user samftp
May 12 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session closed for user root
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user p13x
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: Successful su for rubyman by root
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: + ??? root:rubyman
May 12 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378040 of user rubyman.
May 12 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: pam_unix(su:session): session closed for user rubyman
May 12 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378040.
May 12 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session closed for user root
May 12 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user samftp
May 12 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Invalid user ice from 186.233.208.13
May 12 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: input_userauth_request: invalid user ice [preauth]
May 12 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Failed password for invalid user ice from 186.233.208.13 port 38554 ssh2
May 12 09:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Received disconnect from 186.233.208.13 port 38554:11: Bye Bye [preauth]
May 12 09:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Disconnected from 186.233.208.13 port 38554 [preauth]
May 12 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4815]: pam_unix(cron:session): session closed for user root
May 12 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Failed password for root from 218.92.0.179 port 45435 ssh2
May 12 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45435 ssh2]
May 12 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Received disconnect from 218.92.0.179 port 45435:11:  [preauth]
May 12 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Disconnected from 218.92.0.179 port 45435 [preauth]
May 12 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6430]: pam_unix(cron:session): session closed for user root
May 12 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6432]: pam_unix(cron:session): session closed for user p13x
May 12 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: Successful su for rubyman by root
May 12 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: + ??? root:rubyman
May 12 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378044 of user rubyman.
May 12 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: pam_unix(su:session): session closed for user rubyman
May 12 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378044.
May 12 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3333]: pam_unix(cron:session): session closed for user root
May 12 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6433]: pam_unix(cron:session): session closed for user samftp
May 12 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5419]: pam_unix(cron:session): session closed for user root
May 12 09:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for root from 195.158.24.42 port 39682 ssh2
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6845]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session closed for user p13x
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Received disconnect from 195.158.24.42 port 39682:11: Bye Bye [preauth]
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Disconnected from 195.158.24.42 port 39682 [preauth]
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: Successful su for rubyman by root
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: + ??? root:rubyman
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378050 of user rubyman.
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: pam_unix(su:session): session closed for user rubyman
May 12 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378050.
May 12 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Failed password for root from 190.244.25.245 port 60588 ssh2
May 12 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Received disconnect from 190.244.25.245 port 60588:11: Bye Bye [preauth]
May 12 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Disconnected from 190.244.25.245 port 60588 [preauth]
May 12 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session closed for user root
May 12 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session closed for user samftp
May 12 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user root
May 12 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session closed for user p13x
May 12 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7419]: Successful su for rubyman by root
May 12 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7419]: + ??? root:rubyman
May 12 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378054 of user rubyman.
May 12 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7419]: pam_unix(su:session): session closed for user rubyman
May 12 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378054.
May 12 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session closed for user root
May 12 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session closed for user samftp
May 12 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session closed for user root
May 12 09:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7886]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7885]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session closed for user root
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7883]: pam_unix(cron:session): session closed for user p13x
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7958]: Successful su for rubyman by root
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7958]: + ??? root:rubyman
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378058 of user rubyman.
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7958]: pam_unix(su:session): session closed for user rubyman
May 12 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378058.
May 12 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7885]: pam_unix(cron:session): session closed for user root
May 12 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Failed password for root from 80.94.95.125 port 22750 ssh2
May 12 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Received disconnect from 80.94.95.125 port 22750:11: Bye [preauth]
May 12 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Disconnected from 80.94.95.125 port 22750 [preauth]
May 12 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session closed for user root
May 12 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session closed for user samftp
May 12 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6845]: pam_unix(cron:session): session closed for user root
May 12 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8351]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session closed for user p13x
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: Successful su for rubyman by root
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: + ??? root:rubyman
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378064 of user rubyman.
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: pam_unix(su:session): session closed for user rubyman
May 12 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378064.
May 12 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5418]: pam_unix(cron:session): session closed for user root
May 12 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session closed for user samftp
May 12 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Invalid user ubuntu from 190.244.25.245
May 12 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: input_userauth_request: invalid user ubuntu [preauth]
May 12 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for invalid user ubuntu from 190.244.25.245 port 51594 ssh2
May 12 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Received disconnect from 190.244.25.245 port 51594:11: Bye Bye [preauth]
May 12 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Disconnected from 190.244.25.245 port 51594 [preauth]
May 12 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
May 12 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Connection reset by 147.185.132.216 port 58032 [preauth]
May 12 09:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session closed for user p13x
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for root from 218.92.0.231 port 33372 ssh2
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: Successful su for rubyman by root
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: + ??? root:rubyman
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378068 of user rubyman.
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: pam_unix(su:session): session closed for user rubyman
May 12 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378068.
May 12 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for root from 218.92.0.231 port 33372 ssh2
May 12 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user root
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Invalid user everson from 84.200.17.19
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: input_userauth_request: invalid user everson [preauth]
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Invalid user gray from 181.115.178.66
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: input_userauth_request: invalid user gray [preauth]
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for root from 218.92.0.231 port 33372 ssh2
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Received disconnect from 218.92.0.231 port 33372:11:  [preauth]
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Disconnected from 218.92.0.231 port 33372 [preauth]
May 12 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: Invalid user sebas from 186.233.208.13
May 12 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: input_userauth_request: invalid user sebas [preauth]
May 12 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session closed for user samftp
May 12 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Failed password for invalid user everson from 84.200.17.19 port 52628 ssh2
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: Failed password for invalid user sebas from 186.233.208.13 port 50728 ssh2
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Failed password for invalid user gray from 181.115.178.66 port 40196 ssh2
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Received disconnect from 84.200.17.19 port 52628:11: Bye Bye [preauth]
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Disconnected from 84.200.17.19 port 52628 [preauth]
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Received disconnect from 181.115.178.66 port 40196:11: Bye Bye [preauth]
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Disconnected from 181.115.178.66 port 40196 [preauth]
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: Received disconnect from 186.233.208.13 port 50728:11: Bye Bye [preauth]
May 12 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: Disconnected from 186.233.208.13 port 50728 [preauth]
May 12 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Did not receive identification string from 138.68.90.117
May 12 09:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Invalid user cs2server from 138.68.90.117
May 12 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: input_userauth_request: invalid user cs2server [preauth]
May 12 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Failed password for invalid user cs2server from 138.68.90.117 port 51978 ssh2
May 12 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Connection closed by 138.68.90.117 port 51978 [preauth]
May 12 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Invalid user test from 138.68.90.117
May 12 09:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: input_userauth_request: invalid user test [preauth]
May 12 09:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Failed password for invalid user test from 138.68.90.117 port 52024 ssh2
May 12 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Connection closed by 138.68.90.117 port 52024 [preauth]
May 12 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session closed for user root
May 12 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: Invalid user guest from 138.68.90.117
May 12 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: input_userauth_request: invalid user guest [preauth]
May 12 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: Failed password for invalid user guest from 138.68.90.117 port 48640 ssh2
May 12 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: Connection closed by 138.68.90.117 port 48640 [preauth]
May 12 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Invalid user es from 138.68.90.117
May 12 09:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: input_userauth_request: invalid user es [preauth]
May 12 09:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Failed password for invalid user es from 138.68.90.117 port 48654 ssh2
May 12 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Connection closed by 138.68.90.117 port 48654 [preauth]
May 12 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117  user=root
May 12 09:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Failed password for root from 138.68.90.117 port 48662 ssh2
May 12 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Connection closed by 138.68.90.117 port 48662 [preauth]
May 12 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: Invalid user vagrant from 138.68.90.117
May 12 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: input_userauth_request: invalid user vagrant [preauth]
May 12 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: Failed password for invalid user vagrant from 138.68.90.117 port 56144 ssh2
May 12 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: Connection closed by 138.68.90.117 port 56144 [preauth]
May 12 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Invalid user user2 from 138.68.90.117
May 12 09:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: input_userauth_request: invalid user user2 [preauth]
May 12 09:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Failed password for invalid user user2 from 138.68.90.117 port 56154 ssh2
May 12 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Connection closed by 138.68.90.117 port 56154 [preauth]
May 12 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Invalid user csgo from 138.68.90.117
May 12 09:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: input_userauth_request: invalid user csgo [preauth]
May 12 09:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Failed password for invalid user csgo from 138.68.90.117 port 56170 ssh2
May 12 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Connection closed by 138.68.90.117 port 56170 [preauth]
May 12 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Invalid user admin from 138.68.90.117
May 12 09:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: input_userauth_request: invalid user admin [preauth]
May 12 09:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user admin from 138.68.90.117 port 56182 ssh2
May 12 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Connection closed by 138.68.90.117 port 56182 [preauth]
May 12 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Invalid user test from 138.68.90.117
May 12 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: input_userauth_request: invalid user test [preauth]
May 12 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Failed password for invalid user test from 138.68.90.117 port 37206 ssh2
May 12 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Connection closed by 138.68.90.117 port 37206 [preauth]
May 12 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Invalid user oracle from 138.68.90.117
May 12 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: input_userauth_request: invalid user oracle [preauth]
May 12 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Failed password for invalid user oracle from 138.68.90.117 port 37216 ssh2
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Connection closed by 138.68.90.117 port 37216 [preauth]
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Invalid user zjw from 138.68.90.117
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: input_userauth_request: invalid user zjw [preauth]
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session closed for user p13x
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9423]: Successful su for rubyman by root
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9423]: + ??? root:rubyman
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378071 of user rubyman.
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9423]: pam_unix(su:session): session closed for user rubyman
May 12 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378071.
May 12 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user zjw from 138.68.90.117 port 37218 ssh2
May 12 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Connection closed by 138.68.90.117 port 37218 [preauth]
May 12 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Invalid user ubnt from 138.68.90.117
May 12 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: input_userauth_request: invalid user ubnt [preauth]
May 12 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session closed for user root
May 12 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Failed password for invalid user ubnt from 138.68.90.117 port 50154 ssh2
May 12 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Connection closed by 138.68.90.117 port 50154 [preauth]
May 12 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session closed for user samftp
May 12 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: Invalid user test from 138.68.90.117
May 12 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: input_userauth_request: invalid user test [preauth]
May 12 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: Failed password for invalid user test from 138.68.90.117 port 50158 ssh2
May 12 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9607]: Connection closed by 138.68.90.117 port 50158 [preauth]
May 12 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Invalid user ubuntu from 138.68.90.117
May 12 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: input_userauth_request: invalid user ubuntu [preauth]
May 12 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Failed password for invalid user ubuntu from 138.68.90.117 port 50172 ssh2
May 12 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Connection closed by 138.68.90.117 port 50172 [preauth]
May 12 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: Invalid user user3 from 138.68.90.117
May 12 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: input_userauth_request: invalid user user3 [preauth]
May 12 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Invalid user test from 195.158.24.42
May 12 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: input_userauth_request: invalid user test [preauth]
May 12 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: Failed password for invalid user user3 from 138.68.90.117 port 52052 ssh2
May 12 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Failed password for invalid user test from 195.158.24.42 port 60124 ssh2
May 12 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: Connection closed by 138.68.90.117 port 52052 [preauth]
May 12 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Received disconnect from 195.158.24.42 port 60124:11: Bye Bye [preauth]
May 12 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Disconnected from 195.158.24.42 port 60124 [preauth]
May 12 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Invalid user user1 from 138.68.90.117
May 12 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: input_userauth_request: invalid user user1 [preauth]
May 12 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Failed password for invalid user user1 from 138.68.90.117 port 52062 ssh2
May 12 09:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Connection closed by 138.68.90.117 port 52062 [preauth]
May 12 09:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Invalid user dspace from 138.68.90.117
May 12 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: input_userauth_request: invalid user dspace [preauth]
May 12 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Failed password for invalid user dspace from 138.68.90.117 port 52076 ssh2
May 12 09:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Connection closed by 138.68.90.117 port 52076 [preauth]
May 12 09:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Invalid user cs2server from 138.68.90.117
May 12 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: input_userauth_request: invalid user cs2server [preauth]
May 12 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for invalid user cs2server from 138.68.90.117 port 52092 ssh2
May 12 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Connection closed by 138.68.90.117 port 52092 [preauth]
May 12 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117  user=root
May 12 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Failed password for root from 138.68.90.117 port 58634 ssh2
May 12 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Connection closed by 138.68.90.117 port 58634 [preauth]
May 12 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Invalid user 1 from 138.68.90.117
May 12 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: input_userauth_request: invalid user 1 [preauth]
May 12 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Failed password for invalid user 1 from 138.68.90.117 port 58636 ssh2
May 12 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Connection closed by 138.68.90.117 port 58636 [preauth]
May 12 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Invalid user steam from 138.68.90.117
May 12 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: input_userauth_request: invalid user steam [preauth]
May 12 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8351]: pam_unix(cron:session): session closed for user root
May 12 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Failed password for invalid user steam from 138.68.90.117 port 58646 ssh2
May 12 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Connection closed by 138.68.90.117 port 58646 [preauth]
May 12 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Invalid user ubnt from 138.68.90.117
May 12 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: input_userauth_request: invalid user ubnt [preauth]
May 12 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Failed password for invalid user ubnt from 138.68.90.117 port 49584 ssh2
May 12 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Connection closed by 138.68.90.117 port 49584 [preauth]
May 12 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Invalid user steam from 138.68.90.117
May 12 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: input_userauth_request: invalid user steam [preauth]
May 12 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user steam from 138.68.90.117 port 49600 ssh2
May 12 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Connection closed by 138.68.90.117 port 49600 [preauth]
May 12 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117  user=root
May 12 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Failed password for root from 138.68.90.117 port 49608 ssh2
May 12 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Connection closed by 138.68.90.117 port 49608 [preauth]
May 12 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: User ftp from 138.68.90.117 not allowed because not listed in AllowUsers
May 12 09:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: input_userauth_request: invalid user ftp [preauth]
May 12 09:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117  user=ftp
May 12 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: Failed password for invalid user ftp from 138.68.90.117 port 54910 ssh2
May 12 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: Connection closed by 138.68.90.117 port 54910 [preauth]
May 12 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: Invalid user zjw from 138.68.90.117
May 12 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: input_userauth_request: invalid user zjw [preauth]
May 12 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: Failed password for invalid user zjw from 138.68.90.117 port 54914 ssh2
May 12 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9764]: Connection closed by 138.68.90.117 port 54914 [preauth]
May 12 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Invalid user steam from 138.68.90.117
May 12 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: input_userauth_request: invalid user steam [preauth]
May 12 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Failed password for invalid user steam from 138.68.90.117 port 54930 ssh2
May 12 09:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Connection closed by 138.68.90.117 port 54930 [preauth]
May 12 09:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: Invalid user oracle from 138.68.90.117
May 12 09:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: input_userauth_request: invalid user oracle [preauth]
May 12 09:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: Failed password for invalid user oracle from 138.68.90.117 port 54944 ssh2
May 12 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9786]: Connection closed by 138.68.90.117 port 54944 [preauth]
May 12 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Invalid user user3 from 138.68.90.117
May 12 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: input_userauth_request: invalid user user3 [preauth]
May 12 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Failed password for invalid user user3 from 138.68.90.117 port 60956 ssh2
May 12 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Connection closed by 138.68.90.117 port 60956 [preauth]
May 12 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117  user=root
May 12 09:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: Failed password for root from 138.68.90.117 port 60958 ssh2
May 12 09:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: Connection closed by 138.68.90.117 port 60958 [preauth]
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9807]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session closed for user p13x
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: Invalid user postgres from 138.68.90.117
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: input_userauth_request: invalid user postgres [preauth]
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: Successful su for rubyman by root
May 12 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: + ??? root:rubyman
May 12 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378075 of user rubyman.
May 12 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: pam_unix(su:session): session closed for user rubyman
May 12 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378075.
May 12 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: Failed password for invalid user postgres from 138.68.90.117 port 60970 ssh2
May 12 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: Connection closed by 138.68.90.117 port 60970 [preauth]
May 12 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session closed for user root
May 12 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Invalid user minecraft from 138.68.90.117
May 12 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: input_userauth_request: invalid user minecraft [preauth]
May 12 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session closed for user samftp
May 12 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Failed password for invalid user minecraft from 138.68.90.117 port 35574 ssh2
May 12 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Connection closed by 138.68.90.117 port 35574 [preauth]
May 12 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: Invalid user git from 138.68.90.117
May 12 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: input_userauth_request: invalid user git [preauth]
May 12 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: Failed password for invalid user git from 138.68.90.117 port 35590 ssh2
May 12 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: Connection closed by 138.68.90.117 port 35590 [preauth]
May 12 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Invalid user mc from 138.68.90.117
May 12 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: input_userauth_request: invalid user mc [preauth]
May 12 09:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for invalid user mc from 138.68.90.117 port 35594 ssh2
May 12 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection closed by 138.68.90.117 port 35594 [preauth]
May 12 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117  user=root
May 12 09:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Failed password for root from 138.68.90.117 port 35604 ssh2
May 12 09:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Connection closed by 138.68.90.117 port 35604 [preauth]
May 12 09:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Invalid user debian from 138.68.90.117
May 12 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: input_userauth_request: invalid user debian [preauth]
May 12 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Failed password for invalid user debian from 138.68.90.117 port 46640 ssh2
May 12 09:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Connection closed by 138.68.90.117 port 46640 [preauth]
May 12 09:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Invalid user user from 138.68.90.117
May 12 09:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: input_userauth_request: invalid user user [preauth]
May 12 09:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Failed password for invalid user user from 138.68.90.117 port 46656 ssh2
May 12 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Connection closed by 138.68.90.117 port 46656 [preauth]
May 12 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Invalid user 1 from 138.68.90.117
May 12 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: input_userauth_request: invalid user 1 [preauth]
May 12 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 09:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Failed password for invalid user 1 from 138.68.90.117 port 46666 ssh2
May 12 09:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Connection closed by 138.68.90.117 port 46666 [preauth]
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Failed password for root from 47.234.143.55 port 36388 ssh2
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Received disconnect from 47.234.143.55 port 36388:11: Bye Bye [preauth]
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Disconnected from 47.234.143.55 port 36388 [preauth]
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: Invalid user 1 from 138.68.90.117
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: input_userauth_request: invalid user 1 [preauth]
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: Failed password for invalid user 1 from 138.68.90.117 port 59690 ssh2
May 12 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: Connection closed by 138.68.90.117 port 59690 [preauth]
May 12 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Invalid user test from 138.68.90.117
May 12 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: input_userauth_request: invalid user test [preauth]
May 12 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.90.117
May 12 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Failed password for invalid user test from 138.68.90.117 port 59702 ssh2
May 12 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Connection closed by 138.68.90.117 port 59702 [preauth]
May 12 09:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user root
May 12 09:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Failed password for root from 193.70.84.184 port 40656 ssh2
May 12 09:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Connection closed by 193.70.84.184 port 40656 [preauth]
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user root
May 12 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user p13x
May 12 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: Successful su for rubyman by root
May 12 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: + ??? root:rubyman
May 12 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378083 of user rubyman.
May 12 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: pam_unix(su:session): session closed for user rubyman
May 12 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378083.
May 12 09:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user root
May 12 09:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session closed for user root
May 12 09:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user samftp
May 12 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9365]: pam_unix(cron:session): session closed for user root
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session closed for user p13x
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: Successful su for rubyman by root
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: + ??? root:rubyman
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378086 of user rubyman.
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session closed for user rubyman
May 12 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378086.
May 12 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7886]: pam_unix(cron:session): session closed for user root
May 12 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10827]: pam_unix(cron:session): session closed for user samftp
May 12 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Invalid user zhangyun from 34.44.67.109
May 12 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: input_userauth_request: invalid user zhangyun [preauth]
May 12 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Failed password for invalid user zhangyun from 34.44.67.109 port 46544 ssh2
May 12 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Received disconnect from 34.44.67.109 port 46544:11: Bye Bye [preauth]
May 12 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Disconnected from 34.44.67.109 port 46544 [preauth]
May 12 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9808]: pam_unix(cron:session): session closed for user root
May 12 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: Failed password for root from 181.49.50.6 port 58852 ssh2
May 12 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: Received disconnect from 181.49.50.6 port 58852:11: Bye Bye [preauth]
May 12 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: Disconnected from 181.49.50.6 port 58852 [preauth]
May 12 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Invalid user test from 190.244.25.245
May 12 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: input_userauth_request: invalid user test [preauth]
May 12 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Failed password for invalid user test from 190.244.25.245 port 54958 ssh2
May 12 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Received disconnect from 190.244.25.245 port 54958:11: Bye Bye [preauth]
May 12 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Disconnected from 190.244.25.245 port 54958 [preauth]
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11236]: pam_unix(cron:session): session closed for user p13x
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: Successful su for rubyman by root
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: + ??? root:rubyman
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378091 of user rubyman.
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: pam_unix(su:session): session closed for user rubyman
May 12 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378091.
May 12 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8350]: pam_unix(cron:session): session closed for user root
May 12 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11237]: pam_unix(cron:session): session closed for user samftp
May 12 09:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: Failed password for root from 188.17.148.221 port 43890 ssh2
May 12 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: Received disconnect from 188.17.148.221 port 43890:11: Bye Bye [preauth]
May 12 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: Disconnected from 188.17.148.221 port 43890 [preauth]
May 12 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
May 12 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Invalid user rony from 186.233.208.13
May 12 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: input_userauth_request: invalid user rony [preauth]
May 12 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Failed password for invalid user rony from 186.233.208.13 port 45160 ssh2
May 12 09:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Received disconnect from 186.233.208.13 port 45160:11: Bye Bye [preauth]
May 12 09:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Disconnected from 186.233.208.13 port 45160 [preauth]
May 12 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Invalid user admin from 190.244.25.245
May 12 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: input_userauth_request: invalid user admin [preauth]
May 12 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Failed password for invalid user admin from 190.244.25.245 port 35188 ssh2
May 12 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Received disconnect from 190.244.25.245 port 35188:11: Bye Bye [preauth]
May 12 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Disconnected from 190.244.25.245 port 35188 [preauth]
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11642]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session closed for user p13x
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: Successful su for rubyman by root
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: + ??? root:rubyman
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378093 of user rubyman.
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: pam_unix(su:session): session closed for user rubyman
May 12 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378093.
May 12 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user root
May 12 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session closed for user samftp
May 12 09:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Invalid user james from 195.158.24.42
May 12 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: input_userauth_request: invalid user james [preauth]
May 12 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Failed password for invalid user james from 195.158.24.42 port 52432 ssh2
May 12 09:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Received disconnect from 195.158.24.42 port 52432:11: Bye Bye [preauth]
May 12 09:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Disconnected from 195.158.24.42 port 52432 [preauth]
May 12 09:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 09:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Failed password for root from 181.115.178.66 port 59600 ssh2
May 12 09:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Received disconnect from 181.115.178.66 port 59600:11: Bye Bye [preauth]
May 12 09:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Disconnected from 181.115.178.66 port 59600 [preauth]
May 12 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session closed for user root
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user p13x
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: Successful su for rubyman by root
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: + ??? root:rubyman
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378099 of user rubyman.
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: pam_unix(su:session): session closed for user rubyman
May 12 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378099.
May 12 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session closed for user root
May 12 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user samftp
May 12 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 09:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for root from 218.92.0.204 port 49584 ssh2
May 12 09:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: message repeated 3 times: [ Failed password for root from 218.92.0.204 port 49584 ssh2]
May 12 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session closed for user root
May 12 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for root from 218.92.0.204 port 49584 ssh2
May 12 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 49584 ssh2 [preauth]
May 12 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Disconnecting: Too many authentication failures [preauth]
May 12 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session closed for user root
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session closed for user p13x
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12502]: Successful su for rubyman by root
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12502]: + ??? root:rubyman
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378103 of user rubyman.
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12502]: pam_unix(su:session): session closed for user rubyman
May 12 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378103.
May 12 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session closed for user root
May 12 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9807]: pam_unix(cron:session): session closed for user root
May 12 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session closed for user samftp
May 12 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11642]: pam_unix(cron:session): session closed for user root
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session closed for user p13x
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: Successful su for rubyman by root
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: + ??? root:rubyman
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378107 of user rubyman.
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: pam_unix(su:session): session closed for user rubyman
May 12 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378107.
May 12 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user root
May 12 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session closed for user samftp
May 12 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Failed password for root from 84.200.17.19 port 55392 ssh2
May 12 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Received disconnect from 84.200.17.19 port 55392:11: Bye Bye [preauth]
May 12 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Disconnected from 84.200.17.19 port 55392 [preauth]
May 12 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session closed for user root
May 12 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session closed for user p13x
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: Successful su for rubyman by root
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: + ??? root:rubyman
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378113 of user rubyman.
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: pam_unix(su:session): session closed for user rubyman
May 12 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378113.
May 12 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session closed for user root
May 12 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session closed for user samftp
May 12 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Failed password for root from 218.92.0.179 port 24705 ssh2
May 12 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Failed password for root from 218.92.0.179 port 24705 ssh2
May 12 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Failed password for root from 218.92.0.179 port 24705 ssh2
May 12 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Failed password for root from 190.244.25.245 port 37130 ssh2
May 12 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Received disconnect from 218.92.0.179 port 24705:11:  [preauth]
May 12 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Disconnected from 218.92.0.179 port 24705 [preauth]
May 12 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Received disconnect from 190.244.25.245 port 37130:11: Bye Bye [preauth]
May 12 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Disconnected from 190.244.25.245 port 37130 [preauth]
May 12 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session closed for user root
May 12 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: Invalid user chris from 47.234.143.55
May 12 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: input_userauth_request: invalid user chris [preauth]
May 12 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: Failed password for invalid user chris from 47.234.143.55 port 34416 ssh2
May 12 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: Received disconnect from 47.234.143.55 port 34416:11: Bye Bye [preauth]
May 12 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13753]: Disconnected from 47.234.143.55 port 34416 [preauth]
May 12 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Failed password for root from 34.44.67.109 port 60086 ssh2
May 12 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Received disconnect from 34.44.67.109 port 60086:11: Bye Bye [preauth]
May 12 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Disconnected from 34.44.67.109 port 60086 [preauth]
May 12 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session closed for user p13x
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: Successful su for rubyman by root
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: + ??? root:rubyman
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378116 of user rubyman.
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: pam_unix(su:session): session closed for user rubyman
May 12 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378116.
May 12 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session closed for user root
May 12 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session closed for user samftp
May 12 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Failed password for root from 218.92.0.111 port 60822 ssh2
May 12 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: Invalid user usuario1 from 186.233.208.13
May 12 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: input_userauth_request: invalid user usuario1 [preauth]
May 12 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Failed password for root from 218.92.0.111 port 60822 ssh2
May 12 09:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: Failed password for invalid user usuario1 from 186.233.208.13 port 34060 ssh2
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: Received disconnect from 186.233.208.13 port 34060:11: Bye Bye [preauth]
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14065]: Disconnected from 186.233.208.13 port 34060 [preauth]
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Invalid user user1 from 195.158.24.42
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: input_userauth_request: invalid user user1 [preauth]
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Failed password for root from 218.92.0.111 port 60822 ssh2
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Received disconnect from 218.92.0.111 port 60822:11:  [preauth]
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Disconnected from 218.92.0.111 port 60822 [preauth]
May 12 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Failed password for invalid user user1 from 195.158.24.42 port 33448 ssh2
May 12 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Received disconnect from 195.158.24.42 port 33448:11: Bye Bye [preauth]
May 12 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Disconnected from 195.158.24.42 port 33448 [preauth]
May 12 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Failed password for root from 218.92.0.111 port 60836 ssh2
May 12 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: Invalid user home from 190.244.25.245
May 12 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: input_userauth_request: invalid user home [preauth]
May 12 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Failed password for root from 218.92.0.111 port 60836 ssh2
May 12 09:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: Failed password for invalid user home from 190.244.25.245 port 60142 ssh2
May 12 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: Received disconnect from 190.244.25.245 port 60142:11: Bye Bye [preauth]
May 12 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: Disconnected from 190.244.25.245 port 60142 [preauth]
May 12 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Failed password for root from 218.92.0.111 port 60836 ssh2
May 12 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Received disconnect from 218.92.0.111 port 60836:11:  [preauth]
May 12 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Disconnected from 218.92.0.111 port 60836 [preauth]
May 12 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session closed for user root
May 12 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Failed password for root from 218.92.0.111 port 51258 ssh2
May 12 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 51258 ssh2]
May 12 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Received disconnect from 218.92.0.111 port 51258:11:  [preauth]
May 12 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Disconnected from 218.92.0.111 port 51258 [preauth]
May 12 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Invalid user admin from 80.94.95.112
May 12 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: input_userauth_request: invalid user admin [preauth]
May 12 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Invalid user ubnt from 80.94.95.125
May 12 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: input_userauth_request: invalid user ubnt [preauth]
May 12 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for invalid user admin from 80.94.95.112 port 28641 ssh2
May 12 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Failed password for invalid user ubnt from 80.94.95.125 port 10604 ssh2
May 12 09:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Received disconnect from 80.94.95.125 port 10604:11: Bye [preauth]
May 12 09:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Disconnected from 80.94.95.125 port 10604 [preauth]
May 12 09:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for invalid user admin from 80.94.95.112 port 28641 ssh2
May 12 09:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Invalid user testserver from 124.198.59.254
May 12 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: input_userauth_request: invalid user testserver [preauth]
May 12 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May 12 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for invalid user admin from 80.94.95.112 port 28641 ssh2
May 12 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Failed password for invalid user testserver from 124.198.59.254 port 34680 ssh2
May 12 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Connection closed by 124.198.59.254 port 34680 [preauth]
May 12 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for invalid user admin from 80.94.95.112 port 28641 ssh2
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user p13x
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: Successful su for rubyman by root
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: + ??? root:rubyman
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378119 of user rubyman.
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: pam_unix(su:session): session closed for user rubyman
May 12 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378119.
May 12 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for invalid user admin from 80.94.95.112 port 28641 ssh2
May 12 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Received disconnect from 80.94.95.112 port 28641:11: Bye [preauth]
May 12 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Disconnected from 80.94.95.112 port 28641 [preauth]
May 12 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session closed for user root
May 12 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user samftp
May 12 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Invalid user ubuntu from 181.115.178.66
May 12 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: input_userauth_request: invalid user ubuntu [preauth]
May 12 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Failed password for invalid user ubuntu from 181.115.178.66 port 39036 ssh2
May 12 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Received disconnect from 181.115.178.66 port 39036:11: Bye Bye [preauth]
May 12 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Disconnected from 181.115.178.66 port 39036 [preauth]
May 12 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Invalid user laura from 181.49.50.6
May 12 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: input_userauth_request: invalid user laura [preauth]
May 12 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Failed password for invalid user laura from 181.49.50.6 port 47390 ssh2
May 12 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Received disconnect from 181.49.50.6 port 47390:11: Bye Bye [preauth]
May 12 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Disconnected from 181.49.50.6 port 47390 [preauth]
May 12 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13263]: pam_unix(cron:session): session closed for user root
May 12 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Failed password for root from 188.17.148.221 port 56532 ssh2
May 12 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Received disconnect from 188.17.148.221 port 56532:11: Bye Bye [preauth]
May 12 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Disconnected from 188.17.148.221 port 56532 [preauth]
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session closed for user root
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session closed for user p13x
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: Successful su for rubyman by root
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: + ??? root:rubyman
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378123 of user rubyman.
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: pam_unix(su:session): session closed for user rubyman
May 12 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378123.
May 12 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user root
May 12 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session closed for user root
May 12 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user samftp
May 12 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session closed for user root
May 12 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Invalid user tommy from 84.200.17.19
May 12 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: input_userauth_request: invalid user tommy [preauth]
May 12 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Failed password for invalid user tommy from 84.200.17.19 port 44058 ssh2
May 12 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Received disconnect from 84.200.17.19 port 44058:11: Bye Bye [preauth]
May 12 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Disconnected from 84.200.17.19 port 44058 [preauth]
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session closed for user p13x
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: Successful su for rubyman by root
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: + ??? root:rubyman
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378130 of user rubyman.
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session closed for user rubyman
May 12 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378130.
May 12 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session closed for user root
May 12 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session closed for user samftp
May 12 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user root
May 12 09:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session closed for user p13x
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: Successful su for rubyman by root
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: + ??? root:rubyman
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378134 of user rubyman.
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: pam_unix(su:session): session closed for user rubyman
May 12 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378134.
May 12 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12860]: pam_unix(cron:session): session closed for user root
May 12 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session closed for user samftp
May 12 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: Failed password for root from 34.44.67.109 port 59746 ssh2
May 12 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: Received disconnect from 34.44.67.109 port 59746:11: Bye Bye [preauth]
May 12 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: Disconnected from 34.44.67.109 port 59746 [preauth]
May 12 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session closed for user root
May 12 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Invalid user ftpuser from 47.234.143.55
May 12 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: input_userauth_request: invalid user ftpuser [preauth]
May 12 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Failed password for invalid user ftpuser from 47.234.143.55 port 44508 ssh2
May 12 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Received disconnect from 47.234.143.55 port 44508:11: Bye Bye [preauth]
May 12 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Disconnected from 47.234.143.55 port 44508 [preauth]
May 12 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15862]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15858]: pam_unix(cron:session): session closed for user p13x
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: Successful su for rubyman by root
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: + ??? root:rubyman
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378138 of user rubyman.
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: pam_unix(su:session): session closed for user rubyman
May 12 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378138.
May 12 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Failed password for root from 190.244.25.245 port 52136 ssh2
May 12 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Received disconnect from 190.244.25.245 port 52136:11: Bye Bye [preauth]
May 12 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Disconnected from 190.244.25.245 port 52136 [preauth]
May 12 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session closed for user root
May 12 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session closed for user samftp
May 12 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Invalid user zora from 195.158.24.42
May 12 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: input_userauth_request: invalid user zora [preauth]
May 12 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Failed password for invalid user zora from 195.158.24.42 port 50658 ssh2
May 12 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Received disconnect from 195.158.24.42 port 50658:11: Bye Bye [preauth]
May 12 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Disconnected from 195.158.24.42 port 50658 [preauth]
May 12 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session closed for user root
May 12 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 09:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for root from 188.17.148.221 port 59052 ssh2
May 12 09:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Received disconnect from 188.17.148.221 port 59052:11: Bye Bye [preauth]
May 12 09:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Disconnected from 188.17.148.221 port 59052 [preauth]
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16247]: pam_unix(cron:session): session closed for user p13x
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16363]: Successful su for rubyman by root
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16363]: + ??? root:rubyman
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378143 of user rubyman.
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16363]: pam_unix(su:session): session closed for user rubyman
May 12 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378143.
May 12 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session closed for user root
May 12 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: Invalid user render from 186.233.208.13
May 12 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: input_userauth_request: invalid user render [preauth]
May 12 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Invalid user gray from 190.244.25.245
May 12 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: input_userauth_request: invalid user gray [preauth]
May 12 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session closed for user root
May 12 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: Failed password for invalid user render from 186.233.208.13 port 42414 ssh2
May 12 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: Received disconnect from 186.233.208.13 port 42414:11: Bye Bye [preauth]
May 12 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16428]: Disconnected from 186.233.208.13 port 42414 [preauth]
May 12 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16248]: pam_unix(cron:session): session closed for user samftp
May 12 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Failed password for invalid user gray from 190.244.25.245 port 44906 ssh2
May 12 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Received disconnect from 190.244.25.245 port 44906:11: Bye Bye [preauth]
May 12 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Disconnected from 190.244.25.245 port 44906 [preauth]
May 12 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Failed password for root from 181.49.50.6 port 55018 ssh2
May 12 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Received disconnect from 181.49.50.6 port 55018:11: Bye Bye [preauth]
May 12 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Disconnected from 181.49.50.6 port 55018 [preauth]
May 12 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15459]: pam_unix(cron:session): session closed for user root
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session closed for user root
May 12 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16795]: pam_unix(cron:session): session closed for user p13x
May 12 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16863]: Successful su for rubyman by root
May 12 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16863]: + ??? root:rubyman
May 12 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378147 of user rubyman.
May 12 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16863]: pam_unix(su:session): session closed for user rubyman
May 12 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378147.
May 12 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user root
May 12 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
May 12 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Invalid user mckenzie from 181.115.178.66
May 12 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: input_userauth_request: invalid user mckenzie [preauth]
May 12 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session closed for user samftp
May 12 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Failed password for invalid user mckenzie from 181.115.178.66 port 35784 ssh2
May 12 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Received disconnect from 181.115.178.66 port 35784:11: Bye Bye [preauth]
May 12 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Disconnected from 181.115.178.66 port 35784 [preauth]
May 12 09:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: Invalid user ec2-user from 84.200.17.19
May 12 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: input_userauth_request: invalid user ec2-user [preauth]
May 12 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: Failed password for invalid user ec2-user from 84.200.17.19 port 50294 ssh2
May 12 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: Received disconnect from 84.200.17.19 port 50294:11: Bye Bye [preauth]
May 12 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17139]: Disconnected from 84.200.17.19 port 50294 [preauth]
May 12 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15862]: pam_unix(cron:session): session closed for user root
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17260]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17257]: pam_unix(cron:session): session closed for user p13x
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: Successful su for rubyman by root
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: + ??? root:rubyman
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378153 of user rubyman.
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: pam_unix(su:session): session closed for user rubyman
May 12 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378153.
May 12 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user root
May 12 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17259]: pam_unix(cron:session): session closed for user samftp
May 12 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session closed for user root
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Invalid user ftp1 from 34.44.67.109
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: input_userauth_request: invalid user ftp1 [preauth]
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Connection closed by 142.44.212.226 port 48028 [preauth]
May 12 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Connection closed by 142.44.212.226 port 48038 [preauth]
May 12 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: fatal: Unable to negotiate with 142.44.212.226 port 48052: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May 12 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: fatal: Unable to negotiate with 142.44.212.226 port 48064: no matching host key type found. Their offer: sk-ecdsa-sha2-nistp256@openssh.com [preauth]
May 12 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: fatal: Unable to negotiate with 142.44.212.226 port 48070: no matching host key type found. Their offer: sk-ssh-ed25519@openssh.com [preauth]
May 12 09:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for invalid user ftp1 from 34.44.67.109 port 35390 ssh2
May 12 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Received disconnect from 34.44.67.109 port 35390:11: Bye Bye [preauth]
May 12 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Disconnected from 34.44.67.109 port 35390 [preauth]
May 12 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17702]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17700]: pam_unix(cron:session): session closed for user p13x
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17781]: Successful su for rubyman by root
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17781]: + ??? root:rubyman
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378157 of user rubyman.
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17781]: pam_unix(su:session): session closed for user rubyman
May 12 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378157.
May 12 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session closed for user root
May 12 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17701]: pam_unix(cron:session): session closed for user samftp
May 12 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.39.1.158  user=root
May 12 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Failed password for root from 110.39.1.158 port 49524 ssh2
May 12 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Invalid user amule from 47.234.143.55
May 12 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: input_userauth_request: invalid user amule [preauth]
May 12 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 09:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Failed password for invalid user amule from 47.234.143.55 port 53180 ssh2
May 12 09:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Received disconnect from 47.234.143.55 port 53180:11: Bye Bye [preauth]
May 12 09:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Disconnected from 47.234.143.55 port 53180 [preauth]
May 12 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session closed for user root
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18222]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18221]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18219]: pam_unix(cron:session): session closed for user p13x
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: Successful su for rubyman by root
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: + ??? root:rubyman
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378161 of user rubyman.
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: pam_unix(su:session): session closed for user rubyman
May 12 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378161.
May 12 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15458]: pam_unix(cron:session): session closed for user root
May 12 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18220]: pam_unix(cron:session): session closed for user samftp
May 12 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Failed password for root from 188.17.148.221 port 33344 ssh2
May 12 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Received disconnect from 188.17.148.221 port 33344:11: Bye Bye [preauth]
May 12 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Disconnected from 188.17.148.221 port 33344 [preauth]
May 12 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17261]: pam_unix(cron:session): session closed for user root
May 12 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18548]: Failed password for root from 195.158.24.42 port 53612 ssh2
May 12 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18548]: Received disconnect from 195.158.24.42 port 53612:11: Bye Bye [preauth]
May 12 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18548]: Disconnected from 195.158.24.42 port 53612 [preauth]
May 12 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Invalid user home from 190.244.25.245
May 12 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: input_userauth_request: invalid user home [preauth]
May 12 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Failed password for invalid user home from 190.244.25.245 port 34902 ssh2
May 12 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Received disconnect from 190.244.25.245 port 34902:11: Bye Bye [preauth]
May 12 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Disconnected from 190.244.25.245 port 34902 [preauth]
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session closed for user p13x
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: Successful su for rubyman by root
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: + ??? root:rubyman
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378167 of user rubyman.
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: pam_unix(su:session): session closed for user rubyman
May 12 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378167.
May 12 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session closed for user root
May 12 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session closed for user samftp
May 12 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17703]: pam_unix(cron:session): session closed for user root
May 12 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Invalid user odoo from 181.49.50.6
May 12 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: input_userauth_request: invalid user odoo [preauth]
May 12 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Failed password for invalid user odoo from 181.49.50.6 port 34424 ssh2
May 12 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Received disconnect from 181.49.50.6 port 34424:11: Bye Bye [preauth]
May 12 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Disconnected from 181.49.50.6 port 34424 [preauth]
May 12 09:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Invalid user amule from 84.200.17.19
May 12 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: input_userauth_request: invalid user amule [preauth]
May 12 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Failed password for invalid user amule from 84.200.17.19 port 45224 ssh2
May 12 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Received disconnect from 84.200.17.19 port 45224:11: Bye Bye [preauth]
May 12 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Disconnected from 84.200.17.19 port 45224 [preauth]
May 12 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Invalid user uno50 from 186.233.208.13
May 12 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: input_userauth_request: invalid user uno50 [preauth]
May 12 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Failed password for invalid user uno50 from 186.233.208.13 port 45032 ssh2
May 12 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Received disconnect from 186.233.208.13 port 45032:11: Bye Bye [preauth]
May 12 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Disconnected from 186.233.208.13 port 45032 [preauth]
May 12 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: Invalid user rtc from 190.244.25.245
May 12 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: input_userauth_request: invalid user rtc [preauth]
May 12 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: Failed password for invalid user rtc from 190.244.25.245 port 46164 ssh2
May 12 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: Received disconnect from 190.244.25.245 port 46164:11: Bye Bye [preauth]
May 12 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: Disconnected from 190.244.25.245 port 46164 [preauth]
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user root
May 12 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19053]: pam_unix(cron:session): session closed for user p13x
May 12 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19126]: Successful su for rubyman by root
May 12 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19126]: + ??? root:rubyman
May 12 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378168 of user rubyman.
May 12 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19126]: pam_unix(su:session): session closed for user rubyman
May 12 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378168.
May 12 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session closed for user root
May 12 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19055]: pam_unix(cron:session): session closed for user root
May 12 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19054]: pam_unix(cron:session): session closed for user samftp
May 12 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18222]: pam_unix(cron:session): session closed for user root
May 12 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Invalid user rtc from 181.115.178.66
May 12 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: input_userauth_request: invalid user rtc [preauth]
May 12 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user rtc from 181.115.178.66 port 60506 ssh2
May 12 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Received disconnect from 181.115.178.66 port 60506:11: Bye Bye [preauth]
May 12 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Disconnected from 181.115.178.66 port 60506 [preauth]
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19495]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19496]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session closed for user p13x
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19563]: Successful su for rubyman by root
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19563]: + ??? root:rubyman
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378176 of user rubyman.
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19563]: pam_unix(su:session): session closed for user rubyman
May 12 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378176.
May 12 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user root
May 12 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session closed for user samftp
May 12 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Invalid user tommy from 34.44.67.109
May 12 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: input_userauth_request: invalid user tommy [preauth]
May 12 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Failed password for invalid user tommy from 34.44.67.109 port 57850 ssh2
May 12 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Received disconnect from 34.44.67.109 port 57850:11: Bye Bye [preauth]
May 12 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Disconnected from 34.44.67.109 port 57850 [preauth]
May 12 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session closed for user root
May 12 09:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: Failed password for root from 164.68.105.9 port 54060 ssh2
May 12 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: Connection closed by 164.68.105.9 port 54060 [preauth]
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19918]: pam_unix(cron:session): session closed for user p13x
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19985]: Successful su for rubyman by root
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19985]: + ??? root:rubyman
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378178 of user rubyman.
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19985]: pam_unix(su:session): session closed for user rubyman
May 12 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378178.
May 12 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17260]: pam_unix(cron:session): session closed for user root
May 12 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Failed password for root from 47.234.143.55 port 33572 ssh2
May 12 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Received disconnect from 47.234.143.55 port 33572:11: Bye Bye [preauth]
May 12 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Disconnected from 47.234.143.55 port 33572 [preauth]
May 12 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session closed for user samftp
May 12 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Invalid user wululu from 50.235.31.47
May 12 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: input_userauth_request: invalid user wululu [preauth]
May 12 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user wululu from 50.235.31.47 port 43996 ssh2
May 12 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Connection closed by 50.235.31.47 port 43996 [preauth]
May 12 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session closed for user root
May 12 09:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Invalid user zhangyun from 188.17.148.221
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: input_userauth_request: invalid user zhangyun [preauth]
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Invalid user ubnt from 80.94.95.125
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: input_userauth_request: invalid user ubnt [preauth]
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Failed password for invalid user zhangyun from 188.17.148.221 port 35862 ssh2
May 12 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Failed password for invalid user ubnt from 80.94.95.125 port 18107 ssh2
May 12 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Received disconnect from 80.94.95.125 port 18107:11: Bye [preauth]
May 12 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Disconnected from 80.94.95.125 port 18107 [preauth]
May 12 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Received disconnect from 188.17.148.221 port 35862:11: Bye Bye [preauth]
May 12 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Disconnected from 188.17.148.221 port 35862 [preauth]
May 12 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session closed for user p13x
May 12 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20402]: Successful su for rubyman by root
May 12 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20402]: + ??? root:rubyman
May 12 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378182 of user rubyman.
May 12 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20402]: pam_unix(su:session): session closed for user rubyman
May 12 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378182.
May 12 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17702]: pam_unix(cron:session): session closed for user root
May 12 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session closed for user samftp
May 12 09:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19496]: pam_unix(cron:session): session closed for user root
May 12 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Invalid user user from 195.158.24.42
May 12 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: input_userauth_request: invalid user user [preauth]
May 12 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Failed password for invalid user user from 195.158.24.42 port 41688 ssh2
May 12 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Received disconnect from 195.158.24.42 port 41688:11: Bye Bye [preauth]
May 12 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Disconnected from 195.158.24.42 port 41688 [preauth]
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session closed for user p13x
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: Successful su for rubyman by root
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: + ??? root:rubyman
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378188 of user rubyman.
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: pam_unix(su:session): session closed for user rubyman
May 12 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378188.
May 12 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18221]: pam_unix(cron:session): session closed for user root
May 12 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session closed for user samftp
May 12 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Failed password for root from 84.200.17.19 port 40074 ssh2
May 12 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Received disconnect from 84.200.17.19 port 40074:11: Bye Bye [preauth]
May 12 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Disconnected from 84.200.17.19 port 40074 [preauth]
May 12 09:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Invalid user test from 190.244.25.245
May 12 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: input_userauth_request: invalid user test [preauth]
May 12 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Failed password for invalid user test from 190.244.25.245 port 59842 ssh2
May 12 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Received disconnect from 190.244.25.245 port 59842:11: Bye Bye [preauth]
May 12 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Disconnected from 190.244.25.245 port 59842 [preauth]
May 12 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session closed for user root
May 12 09:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Invalid user devuser from 181.49.50.6
May 12 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: input_userauth_request: invalid user devuser [preauth]
May 12 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Failed password for invalid user devuser from 181.49.50.6 port 42012 ssh2
May 12 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Received disconnect from 181.49.50.6 port 42012:11: Bye Bye [preauth]
May 12 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Disconnected from 181.49.50.6 port 42012 [preauth]
May 12 09:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May 12 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21157]: Failed password for root from 218.92.0.235 port 23992 ssh2
May 12 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21157]: Failed password for root from 218.92.0.235 port 23992 ssh2
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21176]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21175]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21176]: pam_unix(cron:session): session closed for user root
May 12 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session closed for user p13x
May 12 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21267]: Successful su for rubyman by root
May 12 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21267]: + ??? root:rubyman
May 12 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378194 of user rubyman.
May 12 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21267]: pam_unix(su:session): session closed for user rubyman
May 12 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378194.
May 12 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session closed for user root
May 12 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session closed for user root
May 12 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session closed for user samftp
May 12 09:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Invalid user finance from 186.233.208.13
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: input_userauth_request: invalid user finance [preauth]
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Invalid user timothee from 190.244.25.245
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: input_userauth_request: invalid user timothee [preauth]
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Failed password for invalid user finance from 186.233.208.13 port 51260 ssh2
May 12 09:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Received disconnect from 186.233.208.13 port 51260:11: Bye Bye [preauth]
May 12 09:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Disconnected from 186.233.208.13 port 51260 [preauth]
May 12 09:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Failed password for invalid user timothee from 190.244.25.245 port 40902 ssh2
May 12 09:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for root from 218.92.0.179 port 21687 ssh2
May 12 09:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Received disconnect from 190.244.25.245 port 40902:11: Bye Bye [preauth]
May 12 09:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Disconnected from 190.244.25.245 port 40902 [preauth]
May 12 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for root from 218.92.0.179 port 21687 ssh2
May 12 09:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21565]: Failed password for root from 34.44.67.109 port 34338 ssh2
May 12 09:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21565]: Received disconnect from 34.44.67.109 port 34338:11: Bye Bye [preauth]
May 12 09:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21565]: Disconnected from 34.44.67.109 port 34338 [preauth]
May 12 09:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for root from 218.92.0.179 port 21687 ssh2
May 12 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Received disconnect from 218.92.0.179 port 21687:11:  [preauth]
May 12 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Disconnected from 218.92.0.179 port 21687 [preauth]
May 12 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session closed for user root
May 12 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21688]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session closed for user p13x
May 12 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21854]: Successful su for rubyman by root
May 12 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21854]: + ??? root:rubyman
May 12 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378196 of user rubyman.
May 12 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21854]: pam_unix(su:session): session closed for user rubyman
May 12 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378196.
May 12 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May 12 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session closed for user root
May 12 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for root from 218.92.0.223 port 41772 ssh2
May 12 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session closed for user samftp
May 12 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for root from 218.92.0.223 port 41772 ssh2
May 12 09:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for root from 218.92.0.223 port 41772 ssh2
May 12 09:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May 12 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Failed password for root from 218.92.0.223 port 51778 ssh2
May 12 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Failed password for root from 218.92.0.223 port 51778 ssh2
May 12 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: Invalid user test from 181.115.178.66
May 12 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: input_userauth_request: invalid user test [preauth]
May 12 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: Failed password for invalid user test from 181.115.178.66 port 55270 ssh2
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Failed password for root from 218.92.0.223 port 51778 ssh2
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: Received disconnect from 181.115.178.66 port 55270:11: Bye Bye [preauth]
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: Disconnected from 181.115.178.66 port 55270 [preauth]
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Received disconnect from 218.92.0.223 port 51778:11:  [preauth]
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Disconnected from 218.92.0.223 port 51778 [preauth]
May 12 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May 12 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session closed for user root
May 12 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Failed password for root from 47.234.143.55 port 42176 ssh2
May 12 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Received disconnect from 47.234.143.55 port 42176:11: Bye Bye [preauth]
May 12 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Disconnected from 47.234.143.55 port 42176 [preauth]
May 12 09:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Invalid user everson from 188.17.148.221
May 12 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: input_userauth_request: invalid user everson [preauth]
May 12 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Failed password for invalid user everson from 188.17.148.221 port 38372 ssh2
May 12 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Received disconnect from 188.17.148.221 port 38372:11: Bye Bye [preauth]
May 12 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Disconnected from 188.17.148.221 port 38372 [preauth]
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user p13x
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: Successful su for rubyman by root
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: + ??? root:rubyman
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378200 of user rubyman.
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session closed for user rubyman
May 12 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378200.
May 12 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19495]: pam_unix(cron:session): session closed for user root
May 12 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user samftp
May 12 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21175]: pam_unix(cron:session): session closed for user root
May 12 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session closed for user p13x
May 12 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: Successful su for rubyman by root
May 12 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: + ??? root:rubyman
May 12 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378204 of user rubyman.
May 12 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: pam_unix(su:session): session closed for user rubyman
May 12 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378204.
May 12 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session closed for user root
May 12 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session closed for user samftp
May 12 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21688]: pam_unix(cron:session): session closed for user root
May 12 09:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Invalid user mary from 195.158.24.42
May 12 09:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: input_userauth_request: invalid user mary [preauth]
May 12 09:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Invalid user chris from 84.200.17.19
May 12 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: input_userauth_request: invalid user chris [preauth]
May 12 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 09:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Failed password for invalid user mary from 195.158.24.42 port 43422 ssh2
May 12 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Received disconnect from 195.158.24.42 port 43422:11: Bye Bye [preauth]
May 12 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Disconnected from 195.158.24.42 port 43422 [preauth]
May 12 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Failed password for invalid user chris from 84.200.17.19 port 39198 ssh2
May 12 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Received disconnect from 84.200.17.19 port 39198:11: Bye Bye [preauth]
May 12 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Disconnected from 84.200.17.19 port 39198 [preauth]
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23450]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user p13x
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: Successful su for rubyman by root
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: + ??? root:rubyman
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378209 of user rubyman.
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: pam_unix(su:session): session closed for user rubyman
May 12 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378209.
May 12 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20339]: pam_unix(cron:session): session closed for user root
May 12 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session closed for user samftp
May 12 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user root
May 12 09:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Invalid user len from 181.49.50.6
May 12 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: input_userauth_request: invalid user len [preauth]
May 12 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 09:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Failed password for invalid user len from 181.49.50.6 port 49634 ssh2
May 12 09:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Received disconnect from 181.49.50.6 port 49634:11: Bye Bye [preauth]
May 12 09:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Disconnected from 181.49.50.6 port 49634 [preauth]
May 12 09:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Failed password for root from 34.44.67.109 port 41448 ssh2
May 12 09:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Received disconnect from 34.44.67.109 port 41448:11: Bye Bye [preauth]
May 12 09:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Disconnected from 34.44.67.109 port 41448 [preauth]
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user root
May 12 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23962]: pam_unix(cron:session): session closed for user p13x
May 12 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: Successful su for rubyman by root
May 12 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: + ??? root:rubyman
May 12 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378215 of user rubyman.
May 12 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: pam_unix(su:session): session closed for user rubyman
May 12 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378215.
May 12 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session closed for user root
May 12 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session closed for user root
May 12 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session closed for user samftp
May 12 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Invalid user mckenzie from 190.244.25.245
May 12 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: input_userauth_request: invalid user mckenzie [preauth]
May 12 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Failed password for invalid user mckenzie from 190.244.25.245 port 52124 ssh2
May 12 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Received disconnect from 190.244.25.245 port 52124:11: Bye Bye [preauth]
May 12 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Disconnected from 190.244.25.245 port 52124 [preauth]
May 12 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user root
May 12 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session closed for user p13x
May 12 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: Successful su for rubyman by root
May 12 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: + ??? root:rubyman
May 12 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378218 of user rubyman.
May 12 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: pam_unix(su:session): session closed for user rubyman
May 12 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378218.
May 12 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session closed for user root
May 12 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session closed for user samftp
May 12 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May 12 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Failed password for root from 186.233.208.13 port 37344 ssh2
May 12 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Received disconnect from 186.233.208.13 port 37344:11: Bye Bye [preauth]
May 12 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Disconnected from 186.233.208.13 port 37344 [preauth]
May 12 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Invalid user tommy from 188.17.148.221
May 12 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: input_userauth_request: invalid user tommy [preauth]
May 12 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 09:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Failed password for invalid user tommy from 188.17.148.221 port 40894 ssh2
May 12 09:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for root from 190.244.25.245 port 35670 ssh2
May 12 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Received disconnect from 188.17.148.221 port 40894:11: Bye Bye [preauth]
May 12 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Disconnected from 188.17.148.221 port 40894 [preauth]
May 12 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Received disconnect from 190.244.25.245 port 35670:11: Bye Bye [preauth]
May 12 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Disconnected from 190.244.25.245 port 35670 [preauth]
May 12 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Invalid user 123456789 from 193.32.162.157
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: input_userauth_request: invalid user 123456789 [preauth]
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: Failed password for root from 47.234.143.55 port 52540 ssh2
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: Received disconnect from 47.234.143.55 port 52540:11: Bye Bye [preauth]
May 12 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: Disconnected from 47.234.143.55 port 52540 [preauth]
May 12 09:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Failed password for invalid user 123456789 from 193.32.162.157 port 29136 ssh2
May 12 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Connection closed by 193.32.162.157 port 29136 [preauth]
May 12 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session closed for user root
May 12 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Invalid user accounting from 193.32.162.157
May 12 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: input_userauth_request: invalid user accounting [preauth]
May 12 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Failed password for invalid user accounting from 193.32.162.157 port 15142 ssh2
May 12 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Connection closed by 193.32.162.157 port 15142 [preauth]
May 12 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Invalid user monerod from 193.32.162.157
May 12 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: input_userauth_request: invalid user monerod [preauth]
May 12 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Failed password for invalid user monerod from 193.32.162.157 port 1516 ssh2
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24890]: pam_unix(cron:session): session closed for user p13x
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: Successful su for rubyman by root
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: + ??? root:rubyman
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378222 of user rubyman.
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: pam_unix(su:session): session closed for user rubyman
May 12 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378222.
May 12 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Connection closed by 193.32.162.157 port 1516 [preauth]
May 12 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session closed for user root
May 12 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session closed for user samftp
May 12 09:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Invalid user opsadmin from 181.115.178.66
May 12 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: input_userauth_request: invalid user opsadmin [preauth]
May 12 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 09:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Failed password for invalid user opsadmin from 181.115.178.66 port 56134 ssh2
May 12 09:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Received disconnect from 181.115.178.66 port 56134:11: Bye Bye [preauth]
May 12 09:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Disconnected from 181.115.178.66 port 56134 [preauth]
May 12 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Invalid user 123456 from 193.32.162.157
May 12 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: input_userauth_request: invalid user 123456 [preauth]
May 12 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Failed password for invalid user 123456 from 193.32.162.157 port 29366 ssh2
May 12 09:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Connection closed by 193.32.162.157 port 29366 [preauth]
May 12 09:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Failed password for root from 218.92.0.179 port 19404 ssh2
May 12 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user root
May 12 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Failed password for root from 218.92.0.179 port 19404 ssh2
May 12 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Received disconnect from 218.92.0.179 port 19404:11:  [preauth]
May 12 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Disconnected from 218.92.0.179 port 19404 [preauth]
May 12 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Invalid user abraham from 193.32.162.157
May 12 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: input_userauth_request: invalid user abraham [preauth]
May 12 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Failed password for invalid user abraham from 193.32.162.157 port 38744 ssh2
May 12 09:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Connection closed by 193.32.162.157 port 38744 [preauth]
May 12 09:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session closed for user p13x
May 12 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: Successful su for rubyman by root
May 12 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: + ??? root:rubyman
May 12 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378229 of user rubyman.
May 12 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: pam_unix(su:session): session closed for user rubyman
May 12 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378229.
May 12 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
May 12 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session closed for user samftp
May 12 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Invalid user zhangyun from 84.200.17.19
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: input_userauth_request: invalid user zhangyun [preauth]
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Invalid user ftptest from 185.93.89.118
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: input_userauth_request: invalid user ftptest [preauth]
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Failed password for invalid user zhangyun from 84.200.17.19 port 56864 ssh2
May 12 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Failed password for invalid user ftptest from 185.93.89.118 port 56608 ssh2
May 12 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Received disconnect from 84.200.17.19 port 56864:11: Bye Bye [preauth]
May 12 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Disconnected from 84.200.17.19 port 56864 [preauth]
May 12 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Connection closed by 185.93.89.118 port 56608 [preauth]
May 12 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Invalid user ftptest from 185.93.89.118
May 12 09:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: input_userauth_request: invalid user ftptest [preauth]
May 12 09:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24458]: pam_unix(cron:session): session closed for user root
May 12 09:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Failed password for invalid user ftptest from 185.93.89.118 port 33128 ssh2
May 12 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Connection closed by 185.93.89.118 port 33128 [preauth]
May 12 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Invalid user pbsadmin from 195.158.24.42
May 12 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: input_userauth_request: invalid user pbsadmin [preauth]
May 12 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 09:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for invalid user pbsadmin from 195.158.24.42 port 36370 ssh2
May 12 09:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Received disconnect from 195.158.24.42 port 36370:11: Bye Bye [preauth]
May 12 09:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Disconnected from 195.158.24.42 port 36370 [preauth]
May 12 09:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Invalid user ftptest1 from 185.93.89.118
May 12 09:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: input_userauth_request: invalid user ftptest1 [preauth]
May 12 09:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25796]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session closed for user p13x
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: Successful su for rubyman by root
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: + ??? root:rubyman
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378230 of user rubyman.
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: pam_unix(su:session): session closed for user rubyman
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378230.
May 12 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Failed password for invalid user ftptest1 from 185.93.89.118 port 52768 ssh2
May 12 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user root
May 12 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Connection closed by 185.93.89.118 port 52768 [preauth]
May 12 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session closed for user samftp
May 12 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Invalid user ftpuser from 34.44.67.109
May 12 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: input_userauth_request: invalid user ftpuser [preauth]
May 12 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Failed password for invalid user ftpuser from 34.44.67.109 port 47892 ssh2
May 12 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Received disconnect from 34.44.67.109 port 47892:11: Bye Bye [preauth]
May 12 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Disconnected from 34.44.67.109 port 47892 [preauth]
May 12 09:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Invalid user ftpsecure from 185.93.89.118
May 12 09:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: input_userauth_request: invalid user ftpsecure [preauth]
May 12 09:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Failed password for invalid user ftpsecure from 185.93.89.118 port 64176 ssh2
May 12 09:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Connection closed by 185.93.89.118 port 64176 [preauth]
May 12 09:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session closed for user root
May 12 09:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Invalid user ftpmedia from 185.93.89.118
May 12 09:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: input_userauth_request: invalid user ftpmedia [preauth]
May 12 09:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): check pass; user unknown
May 12 09:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Failed password for invalid user ftpmedia from 185.93.89.118 port 56326 ssh2
May 12 09:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Connection closed by 185.93.89.118 port 56326 [preauth]
May 12 09:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 09:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26208]: Failed password for root from 181.49.50.6 port 57252 ssh2
May 12 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26208]: Received disconnect from 181.49.50.6 port 57252:11: Bye Bye [preauth]
May 12 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26208]: Disconnected from 181.49.50.6 port 57252 [preauth]
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user root
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session closed for user root
May 12 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26238]: pam_unix(cron:session): session closed for user p13x
May 12 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: Successful su for rubyman by root
May 12 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: + ??? root:rubyman
May 12 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378239 of user rubyman.
May 12 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: pam_unix(su:session): session closed for user rubyman
May 12 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378239.
May 12 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23450]: pam_unix(cron:session): session closed for user root
May 12 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session closed for user root
May 12 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session closed for user samftp
May 12 10:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May 12 10:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: Failed password for root from 218.92.0.112 port 51570 ssh2
May 12 10:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: Invalid user chris from 188.17.148.221
May 12 10:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: input_userauth_request: invalid user chris [preauth]
May 12 10:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: Failed password for invalid user chris from 188.17.148.221 port 43406 ssh2
May 12 10:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: Received disconnect from 188.17.148.221 port 43406:11: Bye Bye [preauth]
May 12 10:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26689]: Disconnected from 188.17.148.221 port 43406 [preauth]
May 12 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session closed for user root
May 12 10:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for root from 218.92.0.231 port 58458 ssh2
May 12 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 58458 ssh2]
May 12 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Received disconnect from 218.92.0.231 port 58458:11:  [preauth]
May 12 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Disconnected from 218.92.0.231 port 58458 [preauth]
May 12 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 10:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Connection closed by 176.215.1.191 port 47672 [preauth]
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user p13x
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: Successful su for rubyman by root
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: + ??? root:rubyman
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378241 of user rubyman.
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: pam_unix(su:session): session closed for user rubyman
May 12 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378241.
May 12 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Invalid user opsadmin from 190.244.25.245
May 12 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: input_userauth_request: invalid user opsadmin [preauth]
May 12 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Failed password for invalid user opsadmin from 190.244.25.245 port 58002 ssh2
May 12 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Received disconnect from 190.244.25.245 port 58002:11: Bye Bye [preauth]
May 12 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Disconnected from 190.244.25.245 port 58002 [preauth]
May 12 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session closed for user root
May 12 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session closed for user samftp
May 12 10:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Failed password for root from 47.234.143.55 port 35210 ssh2
May 12 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Received disconnect from 47.234.143.55 port 35210:11: Bye Bye [preauth]
May 12 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Disconnected from 47.234.143.55 port 35210 [preauth]
May 12 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Invalid user admin from 80.94.95.125
May 12 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: input_userauth_request: invalid user admin [preauth]
May 12 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Failed password for invalid user admin from 80.94.95.125 port 47040 ssh2
May 12 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Received disconnect from 80.94.95.125 port 47040:11: Bye [preauth]
May 12 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Disconnected from 80.94.95.125 port 47040 [preauth]
May 12 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session closed for user root
May 12 10:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Invalid user scpuser from 186.233.208.13
May 12 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: input_userauth_request: invalid user scpuser [preauth]
May 12 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May 12 10:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Failed password for invalid user scpuser from 186.233.208.13 port 43412 ssh2
May 12 10:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Received disconnect from 186.233.208.13 port 43412:11: Bye Bye [preauth]
May 12 10:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Disconnected from 186.233.208.13 port 43412 [preauth]
May 12 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session closed for user p13x
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27546]: Successful su for rubyman by root
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27546]: + ??? root:rubyman
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378247 of user rubyman.
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27546]: pam_unix(su:session): session closed for user rubyman
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378247.
May 12 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27435]: Failed password for root from 190.244.25.245 port 34030 ssh2
May 12 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session closed for user root
May 12 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27435]: Received disconnect from 190.244.25.245 port 34030:11: Bye Bye [preauth]
May 12 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27435]: Disconnected from 190.244.25.245 port 34030 [preauth]
May 12 10:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user samftp
May 12 10:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user root
May 12 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Failed password for root from 84.200.17.19 port 35334 ssh2
May 12 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Received disconnect from 84.200.17.19 port 35334:11: Bye Bye [preauth]
May 12 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Disconnected from 84.200.17.19 port 35334 [preauth]
May 12 10:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Invalid user test from 181.115.178.66
May 12 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: input_userauth_request: invalid user test [preauth]
May 12 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session closed for user p13x
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: Successful su for rubyman by root
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: + ??? root:rubyman
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378250 of user rubyman.
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: pam_unix(su:session): session closed for user rubyman
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378250.
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Failed password for invalid user test from 181.115.178.66 port 39216 ssh2
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Received disconnect from 181.115.178.66 port 39216:11: Bye Bye [preauth]
May 12 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Disconnected from 181.115.178.66 port 39216 [preauth]
May 12 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session closed for user root
May 12 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27921]: pam_unix(cron:session): session closed for user samftp
May 12 10:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Invalid user everson from 34.44.67.109
May 12 10:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: input_userauth_request: invalid user everson [preauth]
May 12 10:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Failed password for invalid user everson from 34.44.67.109 port 60972 ssh2
May 12 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Received disconnect from 34.44.67.109 port 60972:11: Bye Bye [preauth]
May 12 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Disconnected from 34.44.67.109 port 60972 [preauth]
May 12 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session closed for user root
May 12 10:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 10:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for root from 193.70.84.184 port 46234 ssh2
May 12 10:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Connection closed by 193.70.84.184 port 46234 [preauth]
May 12 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: Failed password for root from 195.158.24.42 port 35244 ssh2
May 12 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: Received disconnect from 195.158.24.42 port 35244:11: Bye Bye [preauth]
May 12 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: Disconnected from 195.158.24.42 port 35244 [preauth]
May 12 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session closed for user p13x
May 12 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28399]: Successful su for rubyman by root
May 12 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28399]: + ??? root:rubyman
May 12 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378254 of user rubyman.
May 12 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28399]: pam_unix(su:session): session closed for user rubyman
May 12 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378254.
May 12 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session closed for user root
May 12 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28331]: pam_unix(cron:session): session closed for user samftp
May 12 10:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Failed password for root from 218.92.0.179 port 40928 ssh2
May 12 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40928 ssh2]
May 12 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Received disconnect from 218.92.0.179 port 40928:11:  [preauth]
May 12 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Disconnected from 218.92.0.179 port 40928 [preauth]
May 12 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Invalid user ftp1 from 188.17.148.221
May 12 10:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: input_userauth_request: invalid user ftp1 [preauth]
May 12 10:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Failed password for invalid user ftp1 from 188.17.148.221 port 45912 ssh2
May 12 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Received disconnect from 188.17.148.221 port 45912:11: Bye Bye [preauth]
May 12 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Disconnected from 188.17.148.221 port 45912 [preauth]
May 12 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session closed for user root
May 12 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Failed password for root from 181.49.50.6 port 36628 ssh2
May 12 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Received disconnect from 181.49.50.6 port 36628:11: Bye Bye [preauth]
May 12 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Disconnected from 181.49.50.6 port 36628 [preauth]
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session closed for user root
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session closed for user p13x
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28811]: Successful su for rubyman by root
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28811]: + ??? root:rubyman
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378257 of user rubyman.
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28811]: pam_unix(su:session): session closed for user rubyman
May 12 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378257.
May 12 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25796]: pam_unix(cron:session): session closed for user root
May 12 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session closed for user root
May 12 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28742]: pam_unix(cron:session): session closed for user samftp
May 12 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27923]: pam_unix(cron:session): session closed for user root
May 12 10:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: Invalid user ftp1 from 47.234.143.55
May 12 10:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: input_userauth_request: invalid user ftp1 [preauth]
May 12 10:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: Failed password for invalid user ftp1 from 47.234.143.55 port 46146 ssh2
May 12 10:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: Received disconnect from 47.234.143.55 port 46146:11: Bye Bye [preauth]
May 12 10:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: Disconnected from 47.234.143.55 port 46146 [preauth]
May 12 10:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: Invalid user huangmin from 190.103.202.7
May 12 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: input_userauth_request: invalid user huangmin [preauth]
May 12 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 10:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: Failed password for invalid user huangmin from 190.103.202.7 port 56400 ssh2
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29285]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29286]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29283]: pam_unix(cron:session): session closed for user p13x
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: Connection closed by 190.103.202.7 port 56400 [preauth]
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29353]: Successful su for rubyman by root
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29353]: + ??? root:rubyman
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378263 of user rubyman.
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29353]: pam_unix(su:session): session closed for user rubyman
May 12 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378263.
May 12 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session closed for user root
May 12 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29284]: pam_unix(cron:session): session closed for user samftp
May 12 10:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Invalid user master from 45.6.188.43
May 12 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: input_userauth_request: invalid user master [preauth]
May 12 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session closed for user root
May 12 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Failed password for invalid user master from 45.6.188.43 port 54184 ssh2
May 12 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Connection closed by 45.6.188.43 port 54184 [preauth]
May 12 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Invalid user admin from 190.244.25.245
May 12 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: input_userauth_request: invalid user admin [preauth]
May 12 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Failed password for invalid user admin from 190.244.25.245 port 47924 ssh2
May 12 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Received disconnect from 190.244.25.245 port 47924:11: Bye Bye [preauth]
May 12 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Disconnected from 190.244.25.245 port 47924 [preauth]
May 12 10:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29717]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session closed for user p13x
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: Successful su for rubyman by root
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: + ??? root:rubyman
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378267 of user rubyman.
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: pam_unix(su:session): session closed for user rubyman
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378267.
May 12 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Failed password for root from 218.92.0.179 port 32729 ssh2
May 12 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session closed for user root
May 12 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Failed password for root from 218.92.0.179 port 32729 ssh2
May 12 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29715]: pam_unix(cron:session): session closed for user samftp
May 12 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Failed password for root from 84.200.17.19 port 46446 ssh2
May 12 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Received disconnect from 84.200.17.19 port 46446:11: Bye Bye [preauth]
May 12 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Disconnected from 84.200.17.19 port 46446 [preauth]
May 12 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Failed password for root from 218.92.0.179 port 32729 ssh2
May 12 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session closed for user root
May 12 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Invalid user admin from 80.94.95.112
May 12 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: input_userauth_request: invalid user admin [preauth]
May 12 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 10:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May 12 10:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for invalid user admin from 80.94.95.112 port 47631 ssh2
May 12 10:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for root from 186.233.208.13 port 40972 ssh2
May 12 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Received disconnect from 186.233.208.13 port 40972:11: Bye Bye [preauth]
May 12 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Disconnected from 186.233.208.13 port 40972 [preauth]
May 12 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for invalid user admin from 80.94.95.112 port 47631 ssh2
May 12 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for invalid user admin from 80.94.95.112 port 47631 ssh2
May 12 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Invalid user opsadmin from 190.244.25.245
May 12 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: input_userauth_request: invalid user opsadmin [preauth]
May 12 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for invalid user admin from 80.94.95.112 port 47631 ssh2
May 12 10:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Failed password for invalid user opsadmin from 190.244.25.245 port 46574 ssh2
May 12 10:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Received disconnect from 190.244.25.245 port 46574:11: Bye Bye [preauth]
May 12 10:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Disconnected from 190.244.25.245 port 46574 [preauth]
May 12 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for invalid user admin from 80.94.95.112 port 47631 ssh2
May 12 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Received disconnect from 80.94.95.112 port 47631:11: Bye [preauth]
May 12 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Disconnected from 80.94.95.112 port 47631 [preauth]
May 12 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 10:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30134]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30131]: pam_unix(cron:session): session closed for user p13x
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Failed password for root from 34.44.67.109 port 46274 ssh2
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Received disconnect from 34.44.67.109 port 46274:11: Bye Bye [preauth]
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Disconnected from 34.44.67.109 port 46274 [preauth]
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30192]: Successful su for rubyman by root
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30192]: + ??? root:rubyman
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378271 of user rubyman.
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30192]: pam_unix(su:session): session closed for user rubyman
May 12 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378271.
May 12 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user root
May 12 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session closed for user samftp
May 12 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29286]: pam_unix(cron:session): session closed for user root
May 12 10:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: Invalid user mohammad from 181.115.178.66
May 12 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: input_userauth_request: invalid user mohammad [preauth]
May 12 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: Failed password for invalid user mohammad from 181.115.178.66 port 40950 ssh2
May 12 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: Received disconnect from 181.115.178.66 port 40950:11: Bye Bye [preauth]
May 12 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30475]: Disconnected from 181.115.178.66 port 40950 [preauth]
May 12 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 10:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Invalid user wli from 188.17.148.221
May 12 10:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: input_userauth_request: invalid user wli [preauth]
May 12 10:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Failed password for root from 80.94.95.15 port 56664 ssh2
May 12 10:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Failed password for invalid user wli from 188.17.148.221 port 48424 ssh2
May 12 10:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Received disconnect from 188.17.148.221 port 48424:11: Bye Bye [preauth]
May 12 10:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Disconnected from 188.17.148.221 port 48424 [preauth]
May 12 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Invalid user sakura from 195.158.24.42
May 12 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: input_userauth_request: invalid user sakura [preauth]
May 12 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Failed password for root from 80.94.95.15 port 56664 ssh2
May 12 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Failed password for invalid user sakura from 195.158.24.42 port 37322 ssh2
May 12 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Received disconnect from 195.158.24.42 port 37322:11: Bye Bye [preauth]
May 12 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Disconnected from 195.158.24.42 port 37322 [preauth]
May 12 10:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Failed password for root from 80.94.95.15 port 56664 ssh2
May 12 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: message repeated 2 times: [ Failed password for root from 80.94.95.15 port 56664 ssh2]
May 12 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Received disconnect from 80.94.95.15 port 56664:11: Bye [preauth]
May 12 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Disconnected from 80.94.95.15 port 56664 [preauth]
May 12 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user p13x
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: Successful su for rubyman by root
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: + ??? root:rubyman
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378276 of user rubyman.
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: pam_unix(su:session): session closed for user rubyman
May 12 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378276.
May 12 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session closed for user root
May 12 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27922]: pam_unix(cron:session): session closed for user root
May 12 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30534]: pam_unix(cron:session): session closed for user samftp
May 12 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29717]: pam_unix(cron:session): session closed for user root
May 12 10:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Failed password for root from 181.49.50.6 port 44256 ssh2
May 12 10:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Received disconnect from 181.49.50.6 port 44256:11: Bye Bye [preauth]
May 12 10:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Disconnected from 181.49.50.6 port 44256 [preauth]
May 12 10:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31132]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31132]: pam_unix(cron:session): session closed for user root
May 12 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session closed for user p13x
May 12 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: Successful su for rubyman by root
May 12 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: + ??? root:rubyman
May 12 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378284 of user rubyman.
May 12 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: pam_unix(su:session): session closed for user rubyman
May 12 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378284.
May 12 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28332]: pam_unix(cron:session): session closed for user root
May 12 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session closed for user root
May 12 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session closed for user samftp
May 12 10:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30134]: pam_unix(cron:session): session closed for user root
May 12 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Invalid user wli from 47.234.143.55
May 12 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: input_userauth_request: invalid user wli [preauth]
May 12 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Failed password for invalid user wli from 47.234.143.55 port 57042 ssh2
May 12 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Received disconnect from 47.234.143.55 port 57042:11: Bye Bye [preauth]
May 12 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Disconnected from 47.234.143.55 port 57042 [preauth]
May 12 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session closed for user p13x
May 12 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31663]: Successful su for rubyman by root
May 12 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31663]: + ??? root:rubyman
May 12 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378287 of user rubyman.
May 12 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31663]: pam_unix(su:session): session closed for user rubyman
May 12 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378287.
May 12 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user root
May 12 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session closed for user samftp
May 12 10:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: Invalid user ftpuser from 84.200.17.19
May 12 10:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: input_userauth_request: invalid user ftpuser [preauth]
May 12 10:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 10:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: Failed password for invalid user ftpuser from 84.200.17.19 port 57288 ssh2
May 12 10:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: Received disconnect from 84.200.17.19 port 57288:11: Bye Bye [preauth]
May 12 10:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: Disconnected from 84.200.17.19 port 57288 [preauth]
May 12 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user root
May 12 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32294]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session closed for user p13x
May 12 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: Successful su for rubyman by root
May 12 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: + ??? root:rubyman
May 12 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378290 of user rubyman.
May 12 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: pam_unix(su:session): session closed for user rubyman
May 12 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378290.
May 12 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29285]: pam_unix(cron:session): session closed for user root
May 12 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session closed for user samftp
May 12 10:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May 12 10:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Failed password for root from 218.92.0.216 port 45370 ssh2
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 45370 ssh2]
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Received disconnect from 218.92.0.216 port 45370:11:  [preauth]
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Disconnected from 218.92.0.216 port 45370 [preauth]
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Invalid user ec2-user from 34.44.67.109
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: input_userauth_request: invalid user ec2-user [preauth]
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Failed password for invalid user ec2-user from 34.44.67.109 port 44660 ssh2
May 12 10:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Received disconnect from 34.44.67.109 port 44660:11: Bye Bye [preauth]
May 12 10:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Disconnected from 34.44.67.109 port 44660 [preauth]
May 12 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: Invalid user gray from 190.244.25.245
May 12 10:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: input_userauth_request: invalid user gray [preauth]
May 12 10:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: Failed password for invalid user gray from 190.244.25.245 port 40634 ssh2
May 12 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: Received disconnect from 190.244.25.245 port 40634:11: Bye Bye [preauth]
May 12 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32748]: Disconnected from 190.244.25.245 port 40634 [preauth]
May 12 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session closed for user root
May 12 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Failed password for root from 103.41.98.68 port 41648 ssh2
May 12 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Received disconnect from 103.41.98.68 port 41648:11: Bye Bye [preauth]
May 12 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Disconnected from 103.41.98.68 port 41648 [preauth]
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[416]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[417]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[414]: pam_unix(cron:session): session closed for user p13x
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: Successful su for rubyman by root
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: + ??? root:rubyman
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378295 of user rubyman.
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: pam_unix(su:session): session closed for user rubyman
May 12 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378295.
May 12 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session closed for user root
May 12 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[415]: pam_unix(cron:session): session closed for user samftp
May 12 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 10:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Failed password for root from 188.17.148.221 port 50952 ssh2
May 12 10:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Received disconnect from 188.17.148.221 port 50952:11: Bye Bye [preauth]
May 12 10:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Disconnected from 188.17.148.221 port 50952 [preauth]
May 12 10:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Failed password for root from 190.244.25.245 port 33012 ssh2
May 12 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Received disconnect from 190.244.25.245 port 33012:11: Bye Bye [preauth]
May 12 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Disconnected from 190.244.25.245 port 33012 [preauth]
May 12 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session closed for user root
May 12 10:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Failed password for root from 195.158.24.42 port 38700 ssh2
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Received disconnect from 195.158.24.42 port 38700:11: Bye Bye [preauth]
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Disconnected from 195.158.24.42 port 38700 [preauth]
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user p13x
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[980]: Successful su for rubyman by root
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[980]: + ??? root:rubyman
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378300 of user rubyman.
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[980]: pam_unix(su:session): session closed for user rubyman
May 12 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378300.
May 12 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session closed for user root
May 12 10:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session closed for user samftp
May 12 10:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 10:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Failed password for root from 181.115.178.66 port 53656 ssh2
May 12 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Received disconnect from 181.115.178.66 port 53656:11: Bye Bye [preauth]
May 12 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Disconnected from 181.115.178.66 port 53656 [preauth]
May 12 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session closed for user root
May 12 10:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Invalid user group1 from 181.49.50.6
May 12 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: input_userauth_request: invalid user group1 [preauth]
May 12 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Failed password for invalid user group1 from 181.49.50.6 port 51864 ssh2
May 12 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Received disconnect from 181.49.50.6 port 51864:11: Bye Bye [preauth]
May 12 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Disconnected from 181.49.50.6 port 51864 [preauth]
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session closed for user root
May 12 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session closed for user p13x
May 12 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1488]: Successful su for rubyman by root
May 12 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1488]: + ??? root:rubyman
May 12 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378304 of user rubyman.
May 12 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1488]: pam_unix(su:session): session closed for user rubyman
May 12 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378304.
May 12 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session closed for user root
May 12 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user root
May 12 10:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session closed for user samftp
May 12 10:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Failed password for root from 80.94.95.125 port 21363 ssh2
May 12 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Received disconnect from 80.94.95.125 port 21363:11: Bye [preauth]
May 12 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Disconnected from 80.94.95.125 port 21363 [preauth]
May 12 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Failed password for root from 47.234.143.55 port 39654 ssh2
May 12 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Received disconnect from 47.234.143.55 port 39654:11: Bye Bye [preauth]
May 12 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Disconnected from 47.234.143.55 port 39654 [preauth]
May 12 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[417]: pam_unix(cron:session): session closed for user root
May 12 10:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: Failed password for root from 84.200.17.19 port 37516 ssh2
May 12 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: Received disconnect from 84.200.17.19 port 37516:11: Bye Bye [preauth]
May 12 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: Disconnected from 84.200.17.19 port 37516 [preauth]
May 12 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1982]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session closed for user p13x
May 12 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: Successful su for rubyman by root
May 12 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: + ??? root:rubyman
May 12 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378308 of user rubyman.
May 12 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: pam_unix(su:session): session closed for user rubyman
May 12 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378308.
May 12 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session closed for user root
May 12 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1981]: pam_unix(cron:session): session closed for user samftp
May 12 10:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Invalid user wli from 34.44.67.109
May 12 10:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: input_userauth_request: invalid user wli [preauth]
May 12 10:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Failed password for invalid user wli from 34.44.67.109 port 44204 ssh2
May 12 10:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Received disconnect from 34.44.67.109 port 44204:11: Bye Bye [preauth]
May 12 10:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Disconnected from 34.44.67.109 port 44204 [preauth]
May 12 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session closed for user root
May 12 10:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Failed password for root from 218.92.0.179 port 39150 ssh2
May 12 10:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Received disconnect from 218.92.0.179 port 39150:11:  [preauth]
May 12 10:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Disconnected from 218.92.0.179 port 39150 [preauth]
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session closed for user root
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session closed for user p13x
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: Successful su for rubyman by root
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: + ??? root:rubyman
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378312 of user rubyman.
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: pam_unix(su:session): session closed for user rubyman
May 12 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378312.
May 12 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session closed for user root
May 12 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session closed for user samftp
May 12 10:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May 12 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: Failed password for root from 188.17.148.221 port 53464 ssh2
May 12 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: Received disconnect from 188.17.148.221 port 53464:11: Bye Bye [preauth]
May 12 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: Disconnected from 188.17.148.221 port 53464 [preauth]
May 12 10:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for root from 218.92.0.211 port 50342 ssh2
May 12 10:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: message repeated 2 times: [ Failed password for root from 218.92.0.211 port 50342 ssh2]
May 12 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session closed for user root
May 12 10:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for root from 218.92.0.211 port 50342 ssh2
May 12 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for root from 218.92.0.211 port 50342 ssh2
May 12 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 50342 ssh2 [preauth]
May 12 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Disconnecting: Too many authentication failures [preauth]
May 12 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May 12 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2880]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2879]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session closed for user p13x
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: Successful su for rubyman by root
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: + ??? root:rubyman
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378318 of user rubyman.
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: pam_unix(su:session): session closed for user rubyman
May 12 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378318.
May 12 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32294]: pam_unix(cron:session): session closed for user root
May 12 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session closed for user samftp
May 12 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Failed password for root from 190.244.25.245 port 59386 ssh2
May 12 10:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Received disconnect from 190.244.25.245 port 59386:11: Bye Bye [preauth]
May 12 10:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Disconnected from 190.244.25.245 port 59386 [preauth]
May 12 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session closed for user root
May 12 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user p13x
May 12 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: Successful su for rubyman by root
May 12 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: + ??? root:rubyman
May 12 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378321 of user rubyman.
May 12 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: pam_unix(su:session): session closed for user rubyman
May 12 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378321.
May 12 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[416]: pam_unix(cron:session): session closed for user root
May 12 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session closed for user samftp
May 12 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Invalid user t from 195.158.24.42
May 12 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: input_userauth_request: invalid user t [preauth]
May 12 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 10:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Failed password for invalid user t from 195.158.24.42 port 32998 ssh2
May 12 10:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Received disconnect from 195.158.24.42 port 32998:11: Bye Bye [preauth]
May 12 10:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Disconnected from 195.158.24.42 port 32998 [preauth]
May 12 10:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Invalid user mckenzie from 190.244.25.245
May 12 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: input_userauth_request: invalid user mckenzie [preauth]
May 12 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Failed password for invalid user mckenzie from 190.244.25.245 port 35282 ssh2
May 12 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Received disconnect from 190.244.25.245 port 35282:11: Bye Bye [preauth]
May 12 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Disconnected from 190.244.25.245 port 35282 [preauth]
May 12 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session closed for user root
May 12 10:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Invalid user everson from 47.234.143.55
May 12 10:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: input_userauth_request: invalid user everson [preauth]
May 12 10:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Failed password for invalid user everson from 47.234.143.55 port 50408 ssh2
May 12 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Received disconnect from 47.234.143.55 port 50408:11: Bye Bye [preauth]
May 12 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Disconnected from 47.234.143.55 port 50408 [preauth]
May 12 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Failed password for root from 181.49.50.6 port 59486 ssh2
May 12 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Received disconnect from 181.49.50.6 port 59486:11: Bye Bye [preauth]
May 12 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Disconnected from 181.49.50.6 port 59486 [preauth]
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3751]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session closed for user root
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3749]: pam_unix(cron:session): session closed for user p13x
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: Successful su for rubyman by root
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: + ??? root:rubyman
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378327 of user rubyman.
May 12 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session closed for user rubyman
May 12 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378327.
May 12 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3751]: pam_unix(cron:session): session closed for user root
May 12 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session closed for user root
May 12 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3750]: pam_unix(cron:session): session closed for user samftp
May 12 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Failed password for root from 103.41.98.68 port 42438 ssh2
May 12 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Received disconnect from 103.41.98.68 port 42438:11: Bye Bye [preauth]
May 12 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Disconnected from 103.41.98.68 port 42438 [preauth]
May 12 10:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May 12 10:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for root from 218.92.0.221 port 58710 ssh2
May 12 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for root from 218.92.0.221 port 58710 ssh2
May 12 10:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for root from 218.92.0.221 port 58710 ssh2
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Invalid user home from 181.115.178.66
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: input_userauth_request: invalid user home [preauth]
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Received disconnect from 218.92.0.221 port 58710:11:  [preauth]
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Disconnected from 218.92.0.221 port 58710 [preauth]
May 12 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May 12 10:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Failed password for invalid user home from 181.115.178.66 port 37088 ssh2
May 12 10:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Received disconnect from 181.115.178.66 port 37088:11: Bye Bye [preauth]
May 12 10:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Disconnected from 181.115.178.66 port 37088 [preauth]
May 12 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4112]: Failed password for root from 84.200.17.19 port 52574 ssh2
May 12 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4112]: Received disconnect from 84.200.17.19 port 52574:11: Bye Bye [preauth]
May 12 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4112]: Disconnected from 84.200.17.19 port 52574 [preauth]
May 12 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2880]: pam_unix(cron:session): session closed for user root
May 12 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Failed password for root from 34.44.67.109 port 38870 ssh2
May 12 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Received disconnect from 34.44.67.109 port 38870:11: Bye Bye [preauth]
May 12 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Disconnected from 34.44.67.109 port 38870 [preauth]
May 12 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session closed for user p13x
May 12 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: Successful su for rubyman by root
May 12 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: + ??? root:rubyman
May 12 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378331 of user rubyman.
May 12 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session closed for user rubyman
May 12 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378331.
May 12 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session closed for user root
May 12 10:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session closed for user samftp
May 12 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session closed for user root
May 12 10:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 10:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: Failed password for root from 188.17.148.221 port 55984 ssh2
May 12 10:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: Received disconnect from 188.17.148.221 port 55984:11: Bye Bye [preauth]
May 12 10:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: Disconnected from 188.17.148.221 port 55984 [preauth]
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session closed for user p13x
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: Successful su for rubyman by root
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: + ??? root:rubyman
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378335 of user rubyman.
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: pam_unix(su:session): session closed for user rubyman
May 12 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378335.
May 12 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1982]: pam_unix(cron:session): session closed for user root
May 12 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session closed for user samftp
May 12 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session closed for user root
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user p13x
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: Successful su for rubyman by root
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: + ??? root:rubyman
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378339 of user rubyman.
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: pam_unix(su:session): session closed for user rubyman
May 12 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378339.
May 12 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session closed for user root
May 12 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user samftp
May 12 10:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for root from 218.92.0.179 port 45062 ssh2
May 12 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session closed for user root
May 12 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for root from 218.92.0.179 port 45062 ssh2
May 12 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for root from 218.92.0.179 port 45062 ssh2
May 12 10:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Invalid user rtc from 190.244.25.245
May 12 10:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: input_userauth_request: invalid user rtc [preauth]
May 12 10:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for invalid user rtc from 190.244.25.245 port 49758 ssh2
May 12 10:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Received disconnect from 190.244.25.245 port 49758:11: Bye Bye [preauth]
May 12 10:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Disconnected from 190.244.25.245 port 49758 [preauth]
May 12 10:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May 12 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5973]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session closed for user p13x
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: Successful su for rubyman by root
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: + ??? root:rubyman
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378344 of user rubyman.
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: pam_unix(su:session): session closed for user rubyman
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378344.
May 12 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Failed password for root from 218.92.0.112 port 17174 ssh2
May 12 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2879]: pam_unix(cron:session): session closed for user root
May 12 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session closed for user samftp
May 12 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Received disconnect from 218.92.0.112 port 17174:11:  [preauth]
May 12 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Disconnected from 218.92.0.112 port 17174 [preauth]
May 12 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May 12 10:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Failed password for root from 218.92.0.112 port 29090 ssh2
May 12 10:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 10:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Failed password for root from 195.158.24.42 port 32838 ssh2
May 12 10:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Received disconnect from 195.158.24.42 port 32838:11: Bye Bye [preauth]
May 12 10:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Disconnected from 195.158.24.42 port 32838 [preauth]
May 12 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Received disconnect from 218.92.0.112 port 29090:11:  [preauth]
May 12 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Disconnected from 218.92.0.112 port 29090 [preauth]
May 12 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session closed for user root
May 12 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 10:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Invalid user tommy from 47.234.143.55
May 12 10:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: input_userauth_request: invalid user tommy [preauth]
May 12 10:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Failed password for root from 218.92.0.198 port 47498 ssh2
May 12 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Failed password for invalid user tommy from 47.234.143.55 port 59086 ssh2
May 12 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Received disconnect from 47.234.143.55 port 59086:11: Bye Bye [preauth]
May 12 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Disconnected from 47.234.143.55 port 59086 [preauth]
May 12 10:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Failed password for root from 218.92.0.198 port 47498 ssh2
May 12 10:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Failed password for root from 218.92.0.198 port 47498 ssh2
May 12 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Received disconnect from 218.92.0.198 port 47498:11:  [preauth]
May 12 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Disconnected from 218.92.0.198 port 47498 [preauth]
May 12 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Failed password for root from 218.92.0.198 port 56000 ssh2
May 12 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 56000 ssh2]
May 12 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Received disconnect from 218.92.0.198 port 56000:11:  [preauth]
May 12 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Disconnected from 218.92.0.198 port 56000 [preauth]
May 12 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for root from 218.92.0.198 port 56006 ssh2
May 12 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Invalid user mohammad from 190.244.25.245
May 12 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: input_userauth_request: invalid user mohammad [preauth]
May 12 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for root from 218.92.0.198 port 56006 ssh2
May 12 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Failed password for invalid user mohammad from 190.244.25.245 port 33878 ssh2
May 12 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Received disconnect from 190.244.25.245 port 33878:11: Bye Bye [preauth]
May 12 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Disconnected from 190.244.25.245 port 33878 [preauth]
May 12 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for root from 218.92.0.198 port 56006 ssh2
May 12 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Received disconnect from 218.92.0.198 port 56006:11:  [preauth]
May 12 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Disconnected from 218.92.0.198 port 56006 [preauth]
May 12 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 10:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for root from 84.200.17.19 port 42708 ssh2
May 12 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Received disconnect from 84.200.17.19 port 42708:11: Bye Bye [preauth]
May 12 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Disconnected from 84.200.17.19 port 42708 [preauth]
May 12 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user root
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user p13x
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: Successful su for rubyman by root
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: + ??? root:rubyman
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378349 of user rubyman.
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: pam_unix(su:session): session closed for user rubyman
May 12 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378349.
May 12 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Failed password for root from 181.49.50.6 port 38886 ssh2
May 12 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Received disconnect from 181.49.50.6 port 38886:11: Bye Bye [preauth]
May 12 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Disconnected from 181.49.50.6 port 38886 [preauth]
May 12 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user root
May 12 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user root
May 12 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user samftp
May 12 10:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Invalid user amule from 34.44.67.109
May 12 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: input_userauth_request: invalid user amule [preauth]
May 12 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Failed password for invalid user amule from 34.44.67.109 port 40864 ssh2
May 12 10:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Received disconnect from 34.44.67.109 port 40864:11: Bye Bye [preauth]
May 12 10:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Disconnected from 34.44.67.109 port 40864 [preauth]
May 12 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user root
May 12 10:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 10:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Failed password for root from 103.41.98.68 port 52608 ssh2
May 12 10:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Received disconnect from 103.41.98.68 port 52608:11: Bye Bye [preauth]
May 12 10:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Disconnected from 103.41.98.68 port 52608 [preauth]
May 12 10:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Invalid user ram from 188.17.148.221
May 12 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: input_userauth_request: invalid user ram [preauth]
May 12 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for invalid user ram from 188.17.148.221 port 58498 ssh2
May 12 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Received disconnect from 188.17.148.221 port 58498:11: Bye Bye [preauth]
May 12 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Disconnected from 188.17.148.221 port 58498 [preauth]
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session closed for user p13x
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: Successful su for rubyman by root
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: + ??? root:rubyman
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378353 of user rubyman.
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: pam_unix(su:session): session closed for user rubyman
May 12 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378353.
May 12 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session closed for user root
May 12 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session closed for user samftp
May 12 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Invalid user timothee from 181.115.178.66
May 12 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: input_userauth_request: invalid user timothee [preauth]
May 12 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Failed password for invalid user timothee from 181.115.178.66 port 34560 ssh2
May 12 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Received disconnect from 181.115.178.66 port 34560:11: Bye Bye [preauth]
May 12 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Disconnected from 181.115.178.66 port 34560 [preauth]
May 12 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Invalid user zyfwp from 222.221.254.162
May 12 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: input_userauth_request: invalid user zyfwp [preauth]
May 12 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.221.254.162
May 12 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Failed password for invalid user zyfwp from 222.221.254.162 port 48361 ssh2
May 12 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Connection closed by 222.221.254.162 port 48361 [preauth]
May 12 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session closed for user root
May 12 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7380]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7378]: pam_unix(cron:session): session closed for user p13x
May 12 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: Successful su for rubyman by root
May 12 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: + ??? root:rubyman
May 12 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378359 of user rubyman.
May 12 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: pam_unix(su:session): session closed for user rubyman
May 12 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378359.
May 12 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session closed for user root
May 12 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7379]: pam_unix(cron:session): session closed for user samftp
May 12 10:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user root
May 12 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Failed password for root from 218.92.0.229 port 53158 ssh2
May 12 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 53158 ssh2]
May 12 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Received disconnect from 218.92.0.229 port 53158:11:  [preauth]
May 12 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Disconnected from 218.92.0.229 port 53158 [preauth]
May 12 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Failed password for root from 218.92.0.229 port 53160 ssh2
May 12 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Failed password for root from 218.92.0.229 port 53160 ssh2
May 12 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7916]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7913]: pam_unix(cron:session): session closed for user p13x
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7983]: Successful su for rubyman by root
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7983]: + ??? root:rubyman
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378361 of user rubyman.
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7983]: pam_unix(su:session): session closed for user rubyman
May 12 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378361.
May 12 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Failed password for root from 218.92.0.229 port 53160 ssh2
May 12 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session closed for user root
May 12 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7914]: pam_unix(cron:session): session closed for user samftp
May 12 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user root
May 12 10:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 10:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Failed password for root from 218.92.0.179 port 12972 ssh2
May 12 10:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: Failed password for root from 80.94.95.125 port 55165 ssh2
May 12 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: Received disconnect from 80.94.95.125 port 55165:11: Bye [preauth]
May 12 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: Disconnected from 80.94.95.125 port 55165 [preauth]
May 12 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Failed password for root from 218.92.0.179 port 12972 ssh2
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session closed for user p13x
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Failed password for root from 218.92.0.179 port 12972 ssh2
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8408]: Successful su for rubyman by root
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8408]: + ??? root:rubyman
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Received disconnect from 218.92.0.179 port 12972:11:  [preauth]
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Disconnected from 218.92.0.179 port 12972 [preauth]
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378366 of user rubyman.
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8408]: pam_unix(su:session): session closed for user rubyman
May 12 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378366.
May 12 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user root
May 12 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session closed for user samftp
May 12 10:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 10:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: Failed password for root from 218.92.0.220 port 39060 ssh2
May 12 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Invalid user ram from 47.234.143.55
May 12 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: input_userauth_request: invalid user ram [preauth]
May 12 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Failed password for invalid user ram from 47.234.143.55 port 39492 ssh2
May 12 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Received disconnect from 47.234.143.55 port 39492:11: Bye Bye [preauth]
May 12 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Disconnected from 47.234.143.55 port 39492 [preauth]
May 12 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Invalid user dm from 195.158.24.42
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: input_userauth_request: invalid user dm [preauth]
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Invalid user desliga from 84.200.17.19
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: input_userauth_request: invalid user desliga [preauth]
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Failed password for invalid user dm from 195.158.24.42 port 54696 ssh2
May 12 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Failed password for invalid user desliga from 84.200.17.19 port 36416 ssh2
May 12 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Received disconnect from 84.200.17.19 port 36416:11: Bye Bye [preauth]
May 12 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Disconnected from 84.200.17.19 port 36416 [preauth]
May 12 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Received disconnect from 195.158.24.42 port 54696:11: Bye Bye [preauth]
May 12 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Disconnected from 195.158.24.42 port 54696 [preauth]
May 12 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Failed password for root from 218.92.0.220 port 56938 ssh2
May 12 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Failed password for root from 218.92.0.220 port 56938 ssh2
May 12 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Received disconnect from 218.92.0.220 port 56938:11:  [preauth]
May 12 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Disconnected from 218.92.0.220 port 56938 [preauth]
May 12 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Invalid user mohammad from 190.244.25.245
May 12 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: input_userauth_request: invalid user mohammad [preauth]
May 12 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Failed password for invalid user mohammad from 190.244.25.245 port 47134 ssh2
May 12 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Received disconnect from 190.244.25.245 port 47134:11: Bye Bye [preauth]
May 12 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Disconnected from 190.244.25.245 port 47134 [preauth]
May 12 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7381]: pam_unix(cron:session): session closed for user root
May 12 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Failed password for root from 34.44.67.109 port 33894 ssh2
May 12 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Received disconnect from 34.44.67.109 port 33894:11: Bye Bye [preauth]
May 12 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Disconnected from 34.44.67.109 port 33894 [preauth]
May 12 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Invalid user proba from 181.49.50.6
May 12 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: input_userauth_request: invalid user proba [preauth]
May 12 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Failed password for invalid user proba from 181.49.50.6 port 46482 ssh2
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8794]: pam_unix(cron:session): session closed for user root
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user p13x
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Received disconnect from 181.49.50.6 port 46482:11: Bye Bye [preauth]
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Disconnected from 181.49.50.6 port 46482 [preauth]
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: Successful su for rubyman by root
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: + ??? root:rubyman
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378371 of user rubyman.
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: pam_unix(su:session): session closed for user rubyman
May 12 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378371.
May 12 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user root
May 12 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5973]: pam_unix(cron:session): session closed for user root
May 12 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user samftp
May 12 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: Failed password for root from 188.17.148.221 port 32778 ssh2
May 12 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: Received disconnect from 188.17.148.221 port 32778:11: Bye Bye [preauth]
May 12 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: Disconnected from 188.17.148.221 port 32778 [preauth]
May 12 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Failed password for root from 190.244.25.245 port 60572 ssh2
May 12 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Received disconnect from 190.244.25.245 port 60572:11: Bye Bye [preauth]
May 12 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Disconnected from 190.244.25.245 port 60572 [preauth]
May 12 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7916]: pam_unix(cron:session): session closed for user root
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session closed for user p13x
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9420]: Successful su for rubyman by root
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9420]: + ??? root:rubyman
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378375 of user rubyman.
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9420]: pam_unix(su:session): session closed for user rubyman
May 12 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378375.
May 12 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user root
May 12 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session closed for user samftp
May 12 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Failed password for root from 103.41.98.68 port 35702 ssh2
May 12 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Received disconnect from 103.41.98.68 port 35702:11: Bye Bye [preauth]
May 12 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Disconnected from 103.41.98.68 port 35702 [preauth]
May 12 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session closed for user root
May 12 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Failed password for root from 181.115.178.66 port 46820 ssh2
May 12 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Received disconnect from 181.115.178.66 port 46820:11: Bye Bye [preauth]
May 12 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Disconnected from 181.115.178.66 port 46820 [preauth]
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9762]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session closed for user p13x
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: Successful su for rubyman by root
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: + ??? root:rubyman
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378382 of user rubyman.
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session closed for user rubyman
May 12 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378382.
May 12 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session closed for user root
May 12 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session closed for user samftp
May 12 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Invalid user test from 50.235.31.47
May 12 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: input_userauth_request: invalid user test [preauth]
May 12 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Failed password for invalid user test from 50.235.31.47 port 47216 ssh2
May 12 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Connection closed by 50.235.31.47 port 47216 [preauth]
May 12 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session closed for user root
May 12 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Did not receive identification string from 115.190.72.203
May 12 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10170]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session closed for user p13x
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: Successful su for rubyman by root
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: + ??? root:rubyman
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378383 of user rubyman.
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: pam_unix(su:session): session closed for user rubyman
May 12 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378383.
May 12 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: Failed password for root from 115.190.72.203 port 37750 ssh2
May 12 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: Connection closed by 115.190.72.203 port 37750 [preauth]
May 12 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7380]: pam_unix(cron:session): session closed for user root
May 12 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10168]: pam_unix(cron:session): session closed for user samftp
May 12 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: Failed password for root from 115.190.72.203 port 58618 ssh2
May 12 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: Connection closed by 115.190.72.203 port 58618 [preauth]
May 12 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: Failed password for root from 115.190.72.203 port 58624 ssh2
May 12 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: Connection closed by 115.190.72.203 port 58624 [preauth]
May 12 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: Failed password for root from 115.190.72.203 port 36154 ssh2
May 12 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: Connection closed by 115.190.72.203 port 36154 [preauth]
May 12 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Failed password for root from 115.190.72.203 port 49834 ssh2
May 12 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Connection closed by 115.190.72.203 port 49834 [preauth]
May 12 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10599]: Failed password for root from 115.190.72.203 port 49846 ssh2
May 12 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10599]: Connection closed by 115.190.72.203 port 49846 [preauth]
May 12 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session closed for user root
May 12 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10642]: Failed password for root from 115.190.72.203 port 33990 ssh2
May 12 10:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10642]: Connection closed by 115.190.72.203 port 33990 [preauth]
May 12 10:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for root from 115.190.72.203 port 34006 ssh2
May 12 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 115.190.72.203 port 34006 [preauth]
May 12 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Invalid user ram from 84.200.17.19
May 12 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: input_userauth_request: invalid user ram [preauth]
May 12 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Failed password for invalid user ram from 84.200.17.19 port 60536 ssh2
May 12 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Received disconnect from 84.200.17.19 port 60536:11: Bye Bye [preauth]
May 12 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Disconnected from 84.200.17.19 port 60536 [preauth]
May 12 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Failed password for root from 115.190.72.203 port 51762 ssh2
May 12 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Connection closed by 115.190.72.203 port 51762 [preauth]
May 12 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Failed password for root from 115.190.72.203 port 51776 ssh2
May 12 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10762]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session closed for user p13x
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Connection closed by 115.190.72.203 port 51776 [preauth]
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: Successful su for rubyman by root
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: + ??? root:rubyman
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378388 of user rubyman.
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session closed for user rubyman
May 12 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378388.
May 12 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session closed for user root
May 12 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Invalid user desliga from 34.44.67.109
May 12 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: input_userauth_request: invalid user desliga [preauth]
May 12 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Failed password for root from 115.190.72.203 port 40970 ssh2
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Connection closed by 115.190.72.203 port 40970 [preauth]
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Invalid user ec2-user from 47.234.143.55
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: input_userauth_request: invalid user ec2-user [preauth]
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10761]: pam_unix(cron:session): session closed for user samftp
May 12 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for invalid user desliga from 34.44.67.109 port 45630 ssh2
May 12 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Received disconnect from 34.44.67.109 port 45630:11: Bye Bye [preauth]
May 12 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Disconnected from 34.44.67.109 port 45630 [preauth]
May 12 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Failed password for invalid user ec2-user from 47.234.143.55 port 48162 ssh2
May 12 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Received disconnect from 47.234.143.55 port 48162:11: Bye Bye [preauth]
May 12 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Disconnected from 47.234.143.55 port 48162 [preauth]
May 12 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Failed password for root from 115.190.72.203 port 40980 ssh2
May 12 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Connection closed by 115.190.72.203 port 40980 [preauth]
May 12 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Invalid user dong from 195.158.24.42
May 12 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: input_userauth_request: invalid user dong [preauth]
May 12 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42
May 12 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user dong from 195.158.24.42 port 55490 ssh2
May 12 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Received disconnect from 195.158.24.42 port 55490:11: Bye Bye [preauth]
May 12 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Disconnected from 195.158.24.42 port 55490 [preauth]
May 12 10:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for root from 115.190.72.203 port 53694 ssh2
May 12 10:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Connection closed by 115.190.72.203 port 53694 [preauth]
May 12 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Invalid user ec2-user from 188.17.148.221
May 12 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: input_userauth_request: invalid user ec2-user [preauth]
May 12 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Failed password for root from 115.190.72.203 port 47230 ssh2
May 12 10:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Connection closed by 115.190.72.203 port 47230 [preauth]
May 12 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Failed password for invalid user ec2-user from 188.17.148.221 port 35300 ssh2
May 12 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Received disconnect from 188.17.148.221 port 35300:11: Bye Bye [preauth]
May 12 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Disconnected from 188.17.148.221 port 35300 [preauth]
May 12 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9762]: pam_unix(cron:session): session closed for user root
May 12 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for root from 115.190.72.203 port 47246 ssh2
May 12 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Connection closed by 115.190.72.203 port 47246 [preauth]
May 12 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Failed password for root from 115.190.72.203 port 55000 ssh2
May 12 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Connection closed by 115.190.72.203 port 55000 [preauth]
May 12 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Failed password for root from 115.190.72.203 port 55012 ssh2
May 12 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Connection closed by 115.190.72.203 port 55012 [preauth]
May 12 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Failed password for root from 115.190.72.203 port 47446 ssh2
May 12 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Connection closed by 115.190.72.203 port 47446 [preauth]
May 12 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Failed password for root from 115.190.72.203 port 47458 ssh2
May 12 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Connection closed by 115.190.72.203 port 47458 [preauth]
May 12 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Failed password for root from 115.190.72.203 port 47460 ssh2
May 12 10:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Connection closed by 115.190.72.203 port 47460 [preauth]
May 12 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11186]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11188]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11188]: pam_unix(cron:session): session closed for user root
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11182]: pam_unix(cron:session): session closed for user p13x
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11250]: Successful su for rubyman by root
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11250]: + ??? root:rubyman
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378393 of user rubyman.
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11250]: pam_unix(su:session): session closed for user rubyman
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378393.
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Failed password for root from 115.190.72.203 port 53644 ssh2
May 12 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Connection closed by 115.190.72.203 port 53644 [preauth]
May 12 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: Failed password for root from 181.49.50.6 port 54106 ssh2
May 12 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: Received disconnect from 181.49.50.6 port 54106:11: Bye Bye [preauth]
May 12 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: Disconnected from 181.49.50.6 port 54106 [preauth]
May 12 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11184]: pam_unix(cron:session): session closed for user root
May 12 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session closed for user root
May 12 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: Failed password for root from 115.190.72.203 port 36222 ssh2
May 12 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: Connection closed by 115.190.72.203 port 36222 [preauth]
May 12 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session closed for user samftp
May 12 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: Failed password for root from 115.190.72.203 port 36234 ssh2
May 12 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: Connection closed by 115.190.72.203 port 36234 [preauth]
May 12 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Failed password for root from 115.190.72.203 port 36246 ssh2
May 12 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Connection closed by 115.190.72.203 port 36246 [preauth]
May 12 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Invalid user bitcoin from 190.244.25.245
May 12 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: input_userauth_request: invalid user bitcoin [preauth]
May 12 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Failed password for invalid user bitcoin from 190.244.25.245 port 52332 ssh2
May 12 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Received disconnect from 190.244.25.245 port 52332:11: Bye Bye [preauth]
May 12 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Disconnected from 190.244.25.245 port 52332 [preauth]
May 12 10:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Failed password for root from 115.190.72.203 port 40196 ssh2
May 12 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Connection closed by 115.190.72.203 port 40196 [preauth]
May 12 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10170]: pam_unix(cron:session): session closed for user root
May 12 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Failed password for root from 115.190.72.203 port 33680 ssh2
May 12 10:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Connection closed by 115.190.72.203 port 33680 [preauth]
May 12 10:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Failed password for root from 115.190.72.203 port 33690 ssh2
May 12 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Connection closed by 115.190.72.203 port 33690 [preauth]
May 12 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Failed password for root from 115.190.72.203 port 46784 ssh2
May 12 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Connection closed by 115.190.72.203 port 46784 [preauth]
May 12 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May 12 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for root from 218.92.0.226 port 33054 ssh2
May 12 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for root from 218.92.0.226 port 33054 ssh2
May 12 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for root from 115.190.72.203 port 46794 ssh2
May 12 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for root from 218.92.0.226 port 33054 ssh2
May 12 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Received disconnect from 218.92.0.226 port 33054:11:  [preauth]
May 12 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Disconnected from 218.92.0.226 port 33054 [preauth]
May 12 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May 12 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11622]: Failed password for root from 115.190.72.203 port 55088 ssh2
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session closed for user p13x
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11622]: Connection closed by 115.190.72.203 port 55088 [preauth]
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11700]: Successful su for rubyman by root
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11700]: + ??? root:rubyman
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378398 of user rubyman.
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11700]: pam_unix(su:session): session closed for user rubyman
May 12 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378398.
May 12 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8792]: pam_unix(cron:session): session closed for user root
May 12 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session closed for user samftp
May 12 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11770]: Failed password for root from 115.190.72.203 port 55092 ssh2
May 12 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11770]: Connection closed by 115.190.72.203 port 55092 [preauth]
May 12 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 115.190.72.203 port 55078 ssh2
May 12 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Connection closed by 115.190.72.203 port 55078 [preauth]
May 12 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Failed password for root from 115.190.72.203 port 55084 ssh2
May 12 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Connection closed by 115.190.72.203 port 55084 [preauth]
May 12 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Failed password for root from 115.190.72.203 port 40976 ssh2
May 12 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Connection closed by 115.190.72.203 port 40976 [preauth]
May 12 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Failed password for root from 190.244.25.245 port 46716 ssh2
May 12 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Received disconnect from 190.244.25.245 port 46716:11: Bye Bye [preauth]
May 12 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Disconnected from 190.244.25.245 port 46716 [preauth]
May 12 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session closed for user root
May 12 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Failed password for root from 103.41.98.68 port 52144 ssh2
May 12 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Received disconnect from 103.41.98.68 port 52144:11: Bye Bye [preauth]
May 12 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Disconnected from 103.41.98.68 port 52144 [preauth]
May 12 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Connection closed by 115.190.72.203 port 46794 [preauth]
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12049]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12050]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12046]: pam_unix(cron:session): session closed for user p13x
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: Successful su for rubyman by root
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: + ??? root:rubyman
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378403 of user rubyman.
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: pam_unix(su:session): session closed for user rubyman
May 12 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378403.
May 12 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session closed for user root
May 12 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12047]: pam_unix(cron:session): session closed for user samftp
May 12 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session closed for user root
May 12 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for root from 181.115.178.66 port 37572 ssh2
May 12 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Received disconnect from 181.115.178.66 port 37572:11: Bye Bye [preauth]
May 12 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Disconnected from 181.115.178.66 port 37572 [preauth]
May 12 10:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: Failed password for root from 115.190.72.203 port 40984 ssh2
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12456]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12453]: pam_unix(cron:session): session closed for user p13x
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: Successful su for rubyman by root
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: + ??? root:rubyman
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378406 of user rubyman.
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: pam_unix(su:session): session closed for user rubyman
May 12 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378406.
May 12 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session closed for user root
May 12 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: Connection closed by 115.190.72.203 port 40984 [preauth]
May 12 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12454]: pam_unix(cron:session): session closed for user samftp
May 12 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Invalid user wli from 84.200.17.19
May 12 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user wli [preauth]
May 12 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user wli from 84.200.17.19 port 53582 ssh2
May 12 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Received disconnect from 84.200.17.19 port 53582:11: Bye Bye [preauth]
May 12 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Disconnected from 84.200.17.19 port 53582 [preauth]
May 12 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Invalid user chris from 34.44.67.109
May 12 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: input_userauth_request: invalid user chris [preauth]
May 12 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Failed password for invalid user chris from 34.44.67.109 port 54048 ssh2
May 12 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Received disconnect from 34.44.67.109 port 54048:11: Bye Bye [preauth]
May 12 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Disconnected from 34.44.67.109 port 54048 [preauth]
May 12 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user root
May 12 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: Failed password for root from 115.190.72.203 port 37236 ssh2
May 12 10:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May 12 10:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Failed password for root from 218.92.0.237 port 54064 ssh2
May 12 10:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.72.203  user=root
May 12 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221  user=root
May 12 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Failed password for root from 218.92.0.237 port 54064 ssh2
May 12 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Failed password for root from 115.190.72.203 port 41578 ssh2
May 12 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Connection closed by 115.190.72.203 port 41578 [preauth]
May 12 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12822]: Failed password for root from 188.17.148.221 port 37818 ssh2
May 12 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12822]: Received disconnect from 188.17.148.221 port 37818:11: Bye Bye [preauth]
May 12 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12822]: Disconnected from 188.17.148.221 port 37818 [preauth]
May 12 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: Connection closed by 115.190.72.203 port 37236 [preauth]
May 12 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Failed password for root from 218.92.0.237 port 54064 ssh2
May 12 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Received disconnect from 218.92.0.237 port 54064:11:  [preauth]
May 12 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Disconnected from 218.92.0.237 port 54064 [preauth]
May 12 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May 12 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Invalid user desliga from 47.234.143.55
May 12 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: input_userauth_request: invalid user desliga [preauth]
May 12 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Failed password for invalid user desliga from 47.234.143.55 port 57758 ssh2
May 12 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Received disconnect from 47.234.143.55 port 57758:11: Bye Bye [preauth]
May 12 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Disconnected from 47.234.143.55 port 57758 [preauth]
May 12 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12854]: pam_unix(cron:session): session closed for user p13x
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12971]: Successful su for rubyman by root
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12971]: + ??? root:rubyman
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378411 of user rubyman.
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12971]: pam_unix(su:session): session closed for user rubyman
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378411.
May 12 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session closed for user root
May 12 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session closed for user root
May 12 10:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12855]: pam_unix(cron:session): session closed for user samftp
May 12 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.24.42  user=root
May 12 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Failed password for root from 195.158.24.42 port 49480 ssh2
May 12 10:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Received disconnect from 195.158.24.42 port 49480:11: Bye Bye [preauth]
May 12 10:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Disconnected from 195.158.24.42 port 49480 [preauth]
May 12 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 12 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.79.33.180
May 12 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12050]: pam_unix(cron:session): session closed for user root
May 12 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Failed password for root from 218.92.0.179 port 58844 ssh2
May 12 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 58844 ssh2]
May 12 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Received disconnect from 218.92.0.179 port 58844:11:  [preauth]
May 12 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Disconnected from 218.92.0.179 port 58844 [preauth]
May 12 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13362]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13365]: pam_unix(cron:session): session closed for user root
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13359]: pam_unix(cron:session): session closed for user p13x
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: Successful su for rubyman by root
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: + ??? root:rubyman
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378415 of user rubyman.
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: pam_unix(su:session): session closed for user rubyman
May 12 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378415.
May 12 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session closed for user root
May 12 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10762]: pam_unix(cron:session): session closed for user root
May 12 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13360]: pam_unix(cron:session): session closed for user samftp
May 12 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Failed password for root from 181.49.50.6 port 33502 ssh2
May 12 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Received disconnect from 181.49.50.6 port 33502:11: Bye Bye [preauth]
May 12 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Disconnected from 181.49.50.6 port 33502 [preauth]
May 12 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Invalid user kubernetes from 193.32.162.157
May 12 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: input_userauth_request: invalid user kubernetes [preauth]
May 12 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 10:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Failed password for invalid user kubernetes from 193.32.162.157 port 38778 ssh2
May 12 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Connection closed by 193.32.162.157 port 38778 [preauth]
May 12 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12456]: pam_unix(cron:session): session closed for user root
May 12 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Invalid user 123 from 193.32.162.157
May 12 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: input_userauth_request: invalid user 123 [preauth]
May 12 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Failed password for invalid user 123 from 193.32.162.157 port 56446 ssh2
May 12 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Connection closed by 193.32.162.157 port 56446 [preauth]
May 12 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May 12 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Failed password for root from 218.92.0.227 port 37402 ssh2
May 12 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Invalid user abc from 193.32.162.157
May 12 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: input_userauth_request: invalid user abc [preauth]
May 12 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Failed password for root from 218.92.0.227 port 37402 ssh2
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user abc from 193.32.162.157 port 2522 ssh2
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session closed for user p13x
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Connection closed by 193.32.162.157 port 2522 [preauth]
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: Successful su for rubyman by root
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: + ??? root:rubyman
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378421 of user rubyman.
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: pam_unix(su:session): session closed for user rubyman
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378421.
May 12 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Failed password for root from 218.92.0.227 port 37402 ssh2
May 12 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Received disconnect from 218.92.0.227 port 37402:11:  [preauth]
May 12 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Disconnected from 218.92.0.227 port 37402 [preauth]
May 12 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May 12 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May 12 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11186]: pam_unix(cron:session): session closed for user root
May 12 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session closed for user samftp
May 12 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Failed password for root from 218.92.0.227 port 37404 ssh2
May 12 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14089]: Failed password for root from 190.244.25.245 port 51216 ssh2
May 12 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14089]: Received disconnect from 190.244.25.245 port 51216:11: Bye Bye [preauth]
May 12 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14089]: Disconnected from 190.244.25.245 port 51216 [preauth]
May 12 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Failed password for root from 218.92.0.227 port 37404 ssh2
May 12 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Failed password for root from 218.92.0.227 port 37404 ssh2
May 12 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Received disconnect from 218.92.0.227 port 37404:11:  [preauth]
May 12 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Disconnected from 218.92.0.227 port 37404 [preauth]
May 12 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May 12 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Invalid user kubeadmin from 193.32.162.157
May 12 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: input_userauth_request: invalid user kubeadmin [preauth]
May 12 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Failed password for invalid user kubeadmin from 193.32.162.157 port 34872 ssh2
May 12 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Invalid user admin from 80.94.95.112
May 12 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: input_userauth_request: invalid user admin [preauth]
May 12 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Connection closed by 193.32.162.157 port 34872 [preauth]
May 12 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Failed password for invalid user admin from 80.94.95.112 port 14819 ssh2
May 12 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Failed password for invalid user admin from 80.94.95.112 port 14819 ssh2
May 12 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Failed password for invalid user admin from 80.94.95.112 port 14819 ssh2
May 12 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May 12 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Failed password for invalid user admin from 80.94.95.112 port 14819 ssh2
May 12 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 218.92.0.227 port 35542 ssh2
May 12 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Failed password for invalid user admin from 80.94.95.112 port 14819 ssh2
May 12 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Received disconnect from 80.94.95.112 port 14819:11: Bye [preauth]
May 12 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Disconnected from 80.94.95.112 port 14819 [preauth]
May 12 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 218.92.0.227 port 35542 ssh2
May 12 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 218.92.0.227 port 35542 ssh2
May 12 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Received disconnect from 218.92.0.227 port 35542:11:  [preauth]
May 12 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Disconnected from 218.92.0.227 port 35542 [preauth]
May 12 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May 12 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Invalid user git from 193.32.162.157
May 12 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: input_userauth_request: invalid user git [preauth]
May 12 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session closed for user root
May 12 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Failed password for invalid user git from 193.32.162.157 port 33890 ssh2
May 12 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Connection closed by 193.32.162.157 port 33890 [preauth]
May 12 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Failed password for root from 190.244.25.245 port 42468 ssh2
May 12 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Received disconnect from 190.244.25.245 port 42468:11: Bye Bye [preauth]
May 12 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Disconnected from 190.244.25.245 port 42468 [preauth]
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14335]: pam_unix(cron:session): session closed for user p13x
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14397]: Successful su for rubyman by root
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14397]: + ??? root:rubyman
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378426 of user rubyman.
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14397]: pam_unix(su:session): session closed for user rubyman
May 12 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378426.
May 12 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user root
May 12 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Invalid user administrator from 103.41.98.68
May 12 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: input_userauth_request: invalid user administrator [preauth]
May 12 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session closed for user samftp
May 12 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for invalid user administrator from 103.41.98.68 port 38310 ssh2
May 12 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Received disconnect from 103.41.98.68 port 38310:11: Bye Bye [preauth]
May 12 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Disconnected from 103.41.98.68 port 38310 [preauth]
May 12 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session closed for user root
May 12 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Invalid user ftp1 from 84.200.17.19
May 12 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: input_userauth_request: invalid user ftp1 [preauth]
May 12 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19
May 12 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Failed password for invalid user ftp1 from 84.200.17.19 port 36586 ssh2
May 12 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Received disconnect from 84.200.17.19 port 36586:11: Bye Bye [preauth]
May 12 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Disconnected from 84.200.17.19 port 36586 [preauth]
May 12 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Invalid user Administrator from 80.94.95.125
May 12 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: input_userauth_request: invalid user Administrator [preauth]
May 12 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Failed password for invalid user Administrator from 80.94.95.125 port 17259 ssh2
May 12 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Received disconnect from 80.94.95.125 port 17259:11: Bye [preauth]
May 12 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Disconnected from 80.94.95.125 port 17259 [preauth]
May 12 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Invalid user ram from 34.44.67.109
May 12 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: input_userauth_request: invalid user ram [preauth]
May 12 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109
May 12 10:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Failed password for invalid user ram from 34.44.67.109 port 58986 ssh2
May 12 10:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Received disconnect from 34.44.67.109 port 58986:11: Bye Bye [preauth]
May 12 10:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Disconnected from 34.44.67.109 port 58986 [preauth]
May 12 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: Invalid user ftpuser from 188.17.148.221
May 12 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: input_userauth_request: invalid user ftpuser [preauth]
May 12 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: Failed password for invalid user ftpuser from 188.17.148.221 port 40324 ssh2
May 12 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: Received disconnect from 188.17.148.221 port 40324:11: Bye Bye [preauth]
May 12 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14743]: Disconnected from 188.17.148.221 port 40324 [preauth]
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session closed for user p13x
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Did not receive identification string from 117.40.119.252
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14817]: Successful su for rubyman by root
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14817]: + ??? root:rubyman
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378430 of user rubyman.
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14817]: pam_unix(su:session): session closed for user rubyman
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378430.
May 12 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12049]: pam_unix(cron:session): session closed for user root
May 12 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for root from 117.40.119.252 port 47228 ssh2
May 12 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Connection closed by 117.40.119.252 port 47228 [preauth]
May 12 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session closed for user samftp
May 12 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for root from 117.40.119.252 port 48798 ssh2
May 12 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Connection closed by 117.40.119.252 port 48798 [preauth]
May 12 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Failed password for root from 117.40.119.252 port 50313 ssh2
May 12 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Connection closed by 117.40.119.252 port 50313 [preauth]
May 12 10:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Failed password for root from 117.40.119.252 port 52021 ssh2
May 12 10:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Connection closed by 117.40.119.252 port 52021 [preauth]
May 12 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Failed password for root from 117.40.119.252 port 56435 ssh2
May 12 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Connection closed by 117.40.119.252 port 56435 [preauth]
May 12 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Failed password for root from 117.40.119.252 port 58458 ssh2
May 12 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Connection closed by 117.40.119.252 port 58458 [preauth]
May 12 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: Invalid user zhangyun from 47.234.143.55
May 12 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: input_userauth_request: invalid user zhangyun [preauth]
May 12 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55
May 12 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Failed password for root from 117.40.119.252 port 60052 ssh2
May 12 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Connection closed by 117.40.119.252 port 60052 [preauth]
May 12 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: Failed password for invalid user zhangyun from 47.234.143.55 port 40302 ssh2
May 12 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: Received disconnect from 47.234.143.55 port 40302:11: Bye Bye [preauth]
May 12 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: Disconnected from 47.234.143.55 port 40302 [preauth]
May 12 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Failed password for root from 181.115.178.66 port 46698 ssh2
May 12 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Received disconnect from 181.115.178.66 port 46698:11: Bye Bye [preauth]
May 12 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Disconnected from 181.115.178.66 port 46698 [preauth]
May 12 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Failed password for root from 117.40.119.252 port 33573 ssh2
May 12 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session closed for user root
May 12 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Connection closed by 117.40.119.252 port 33573 [preauth]
May 12 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: Failed password for root from 117.40.119.252 port 35237 ssh2
May 12 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: Connection closed by 117.40.119.252 port 35237 [preauth]
May 12 10:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: Failed password for root from 117.40.119.252 port 37189 ssh2
May 12 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: Connection closed by 117.40.119.252 port 37189 [preauth]
May 12 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: Failed password for root from 117.40.119.252 port 39596 ssh2
May 12 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: Connection closed by 117.40.119.252 port 39596 [preauth]
May 12 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Failed password for root from 117.40.119.252 port 41281 ssh2
May 12 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Connection closed by 117.40.119.252 port 41281 [preauth]
May 12 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 117.40.119.252 port 42991 ssh2
May 12 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Connection closed by 117.40.119.252 port 42991 [preauth]
May 12 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: Failed password for root from 117.40.119.252 port 44768 ssh2
May 12 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: Connection closed by 117.40.119.252 port 44768 [preauth]
May 12 10:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session closed for user p13x
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: Successful su for rubyman by root
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: + ??? root:rubyman
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378432 of user rubyman.
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: pam_unix(su:session): session closed for user rubyman
May 12 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378432.
May 12 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15194]: Failed password for root from 117.40.119.252 port 48852 ssh2
May 12 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15194]: Connection closed by 117.40.119.252 port 48852 [preauth]
May 12 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12455]: pam_unix(cron:session): session closed for user root
May 12 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Failed password for root from 117.40.119.252 port 50183 ssh2
May 12 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Connection closed by 117.40.119.252 port 50183 [preauth]
May 12 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user samftp
May 12 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Failed password for root from 117.40.119.252 port 54233 ssh2
May 12 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Connection closed by 117.40.119.252 port 54233 [preauth]
May 12 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: Failed password for root from 117.40.119.252 port 55679 ssh2
May 12 10:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: Connection closed by 117.40.119.252 port 55679 [preauth]
May 12 10:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: Failed password for root from 117.40.119.252 port 57239 ssh2
May 12 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: Connection closed by 117.40.119.252 port 57239 [preauth]
May 12 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Failed password for root from 117.40.119.252 port 58843 ssh2
May 12 10:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Connection closed by 117.40.119.252 port 58843 [preauth]
May 12 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Failed password for root from 117.40.119.252 port 35014 ssh2
May 12 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Connection closed by 117.40.119.252 port 35014 [preauth]
May 12 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user root
May 12 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Failed password for root from 117.40.119.252 port 36451 ssh2
May 12 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Connection closed by 117.40.119.252 port 36451 [preauth]
May 12 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: Failed password for root from 117.40.119.252 port 38080 ssh2
May 12 10:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: Connection closed by 117.40.119.252 port 38080 [preauth]
May 12 10:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Failed password for root from 117.40.119.252 port 40012 ssh2
May 12 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Connection closed by 117.40.119.252 port 40012 [preauth]
May 12 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 10:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for root from 218.92.0.212 port 1734 ssh2
May 12 10:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Failed password for root from 117.40.119.252 port 44449 ssh2
May 12 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Connection closed by 117.40.119.252 port 44449 [preauth]
May 12 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for root from 218.92.0.212 port 1734 ssh2
May 12 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Failed password for root from 117.40.119.252 port 45850 ssh2
May 12 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Connection closed by 117.40.119.252 port 45850 [preauth]
May 12 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for root from 218.92.0.212 port 1734 ssh2
May 12 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Failed password for root from 117.40.119.252 port 47470 ssh2
May 12 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Connection closed by 117.40.119.252 port 47470 [preauth]
May 12 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for root from 218.92.0.212 port 1734 ssh2
May 12 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15625]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15624]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15623]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15625]: pam_unix(cron:session): session closed for user root
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session closed for user p13x
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Failed password for root from 117.40.119.252 port 49537 ssh2
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Connection closed by 117.40.119.252 port 49537 [preauth]
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: Successful su for rubyman by root
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: + ??? root:rubyman
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378438 of user rubyman.
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: pam_unix(su:session): session closed for user rubyman
May 12 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378438.
May 12 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session closed for user root
May 12 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Failed password for root from 117.40.119.252 port 51232 ssh2
May 12 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Connection closed by 117.40.119.252 port 51232 [preauth]
May 12 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session closed for user root
May 12 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15621]: pam_unix(cron:session): session closed for user samftp
May 12 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for root from 218.92.0.212 port 16962 ssh2
May 12 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for root from 117.40.119.252 port 57959 ssh2
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Connection closed by 117.40.119.252 port 57959 [preauth]
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Failed password for root from 181.49.50.6 port 41176 ssh2
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Received disconnect from 181.49.50.6 port 41176:11: Bye Bye [preauth]
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Disconnected from 181.49.50.6 port 41176 [preauth]
May 12 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for root from 218.92.0.212 port 16962 ssh2
May 12 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Failed password for root from 218.92.0.179 port 42690 ssh2
May 12 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for root from 218.92.0.212 port 16962 ssh2
May 12 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Failed password for root from 218.92.0.179 port 42690 ssh2
May 12 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Failed password for root from 117.40.119.252 port 59647 ssh2
May 12 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Connection closed by 117.40.119.252 port 59647 [preauth]
May 12 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Failed password for root from 218.92.0.179 port 42690 ssh2
May 12 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Received disconnect from 218.92.0.179 port 42690:11:  [preauth]
May 12 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Disconnected from 218.92.0.179 port 42690 [preauth]
May 12 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for root from 218.92.0.212 port 16962 ssh2
May 12 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: Failed password for root from 117.40.119.252 port 33515 ssh2
May 12 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: Connection closed by 117.40.119.252 port 33515 [preauth]
May 12 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for root from 218.92.0.212 port 16962 ssh2
May 12 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: Failed password for root from 117.40.119.252 port 35436 ssh2
May 12 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: Connection closed by 117.40.119.252 port 35436 [preauth]
May 12 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session closed for user root
May 12 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: Failed password for root from 117.40.119.252 port 37015 ssh2
May 12 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: Connection closed by 117.40.119.252 port 37015 [preauth]
May 12 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Failed password for root from 117.40.119.252 port 40006 ssh2
May 12 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Connection closed by 117.40.119.252 port 40006 [preauth]
May 12 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Failed password for root from 117.40.119.252 port 42279 ssh2
May 12 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Connection closed by 117.40.119.252 port 42279 [preauth]
May 12 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Failed password for root from 117.40.119.252 port 43868 ssh2
May 12 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Connection closed by 117.40.119.252 port 43868 [preauth]
May 12 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Failed password for root from 218.92.0.212 port 27076 ssh2
May 12 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Failed password for root from 117.40.119.252 port 45205 ssh2
May 12 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Connection closed by 117.40.119.252 port 45205 [preauth]
May 12 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Failed password for root from 218.92.0.212 port 27076 ssh2
May 12 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Received disconnect from 218.92.0.212 port 27076:11:  [preauth]
May 12 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Disconnected from 218.92.0.212 port 27076 [preauth]
May 12 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Failed password for root from 117.40.119.252 port 46852 ssh2
May 12 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Connection closed by 117.40.119.252 port 46852 [preauth]
May 12 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16068]: Failed password for root from 117.40.119.252 port 48492 ssh2
May 12 10:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16068]: Connection closed by 117.40.119.252 port 48492 [preauth]
May 12 10:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May 12 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Failed password for root from 117.40.119.252 port 50197 ssh2
May 12 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Failed password for root from 218.92.0.225 port 60866 ssh2
May 12 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Connection closed by 117.40.119.252 port 50197 [preauth]
May 12 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Failed password for root from 218.92.0.225 port 60866 ssh2
May 12 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16082]: Failed password for root from 117.40.119.252 port 51575 ssh2
May 12 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16082]: Connection closed by 117.40.119.252 port 51575 [preauth]
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Failed password for root from 218.92.0.225 port 60866 ssh2
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Received disconnect from 218.92.0.225 port 60866:11:  [preauth]
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Disconnected from 218.92.0.225 port 60866 [preauth]
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user p13x
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16165]: Successful su for rubyman by root
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16165]: + ??? root:rubyman
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378442 of user rubyman.
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16165]: pam_unix(su:session): session closed for user rubyman
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378442.
May 12 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Failed password for root from 117.40.119.252 port 53114 ssh2
May 12 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Connection closed by 117.40.119.252 port 53114 [preauth]
May 12 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13362]: pam_unix(cron:session): session closed for user root
May 12 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user samftp
May 12 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16297]: Failed password for root from 117.40.119.252 port 55089 ssh2
May 12 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16297]: Connection closed by 117.40.119.252 port 55089 [preauth]
May 12 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Failed password for root from 117.40.119.252 port 56837 ssh2
May 12 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Connection closed by 117.40.119.252 port 56837 [preauth]
May 12 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for root from 117.40.119.252 port 58524 ssh2
May 12 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Connection closed by 117.40.119.252 port 58524 [preauth]
May 12 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Failed password for root from 117.40.119.252 port 60166 ssh2
May 12 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Connection closed by 117.40.119.252 port 60166 [preauth]
May 12 10:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Failed password for root from 117.40.119.252 port 33436 ssh2
May 12 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Connection closed by 117.40.119.252 port 33436 [preauth]
May 12 10:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Failed password for root from 117.40.119.252 port 36529 ssh2
May 12 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Connection closed by 117.40.119.252 port 36529 [preauth]
May 12 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session closed for user root
May 12 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Failed password for root from 117.40.119.252 port 43245 ssh2
May 12 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Connection closed by 117.40.119.252 port 43245 [preauth]
May 12 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Failed password for root from 117.40.119.252 port 46342 ssh2
May 12 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Connection closed by 117.40.119.252 port 46342 [preauth]
May 12 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Failed password for root from 190.244.25.245 port 37870 ssh2
May 12 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Received disconnect from 190.244.25.245 port 37870:11: Bye Bye [preauth]
May 12 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Disconnected from 190.244.25.245 port 37870 [preauth]
May 12 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 218.92.0.236 port 16640 ssh2
May 12 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 218.92.0.236 port 16640 ssh2
May 12 10:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: Failed password for root from 117.40.119.252 port 48074 ssh2
May 12 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: Connection closed by 117.40.119.252 port 48074 [preauth]
May 12 10:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 218.92.0.236 port 16640 ssh2
May 12 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Received disconnect from 218.92.0.236 port 16640:11:  [preauth]
May 12 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Disconnected from 218.92.0.236 port 16640 [preauth]
May 12 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Failed password for root from 117.40.119.252 port 50972 ssh2
May 12 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Connection closed by 117.40.119.252 port 50972 [preauth]
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16554]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16545]: pam_unix(cron:session): session closed for user p13x
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16626]: Successful su for rubyman by root
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16626]: + ??? root:rubyman
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378447 of user rubyman.
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16626]: pam_unix(su:session): session closed for user rubyman
May 12 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378447.
May 12 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session closed for user root
May 12 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Failed password for root from 84.200.17.19 port 49838 ssh2
May 12 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Received disconnect from 84.200.17.19 port 49838:11: Bye Bye [preauth]
May 12 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Disconnected from 84.200.17.19 port 49838 [preauth]
May 12 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Failed password for root from 117.40.119.252 port 56642 ssh2
May 12 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Connection closed by 117.40.119.252 port 56642 [preauth]
May 12 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16546]: pam_unix(cron:session): session closed for user samftp
May 12 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Failed password for root from 117.40.119.252 port 58170 ssh2
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Connection closed by 117.40.119.252 port 58170 [preauth]
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 34.44.67.109 port 50008 ssh2
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Received disconnect from 34.44.67.109 port 50008:11: Bye Bye [preauth]
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Disconnected from 34.44.67.109 port 50008 [preauth]
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Invalid user amule from 188.17.148.221
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: input_userauth_request: invalid user amule [preauth]
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for invalid user amule from 188.17.148.221 port 42852 ssh2
May 12 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Received disconnect from 188.17.148.221 port 42852:11: Bye Bye [preauth]
May 12 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Disconnected from 188.17.148.221 port 42852 [preauth]
May 12 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Failed password for root from 117.40.119.252 port 33365 ssh2
May 12 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Connection closed by 117.40.119.252 port 33365 [preauth]
May 12 10:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Failed password for root from 117.40.119.252 port 34716 ssh2
May 12 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Connection closed by 117.40.119.252 port 34716 [preauth]
May 12 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16860]: Failed password for root from 117.40.119.252 port 36702 ssh2
May 12 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16860]: Connection closed by 117.40.119.252 port 36702 [preauth]
May 12 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: Failed password for root from 117.40.119.252 port 38128 ssh2
May 12 10:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: Connection closed by 117.40.119.252 port 38128 [preauth]
May 12 10:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16897]: Failed password for root from 117.40.119.252 port 39790 ssh2
May 12 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16897]: Connection closed by 117.40.119.252 port 39790 [preauth]
May 12 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Invalid user dmdba from 103.41.98.68
May 12 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: input_userauth_request: invalid user dmdba [preauth]
May 12 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Invalid user bitcoin from 190.244.25.245
May 12 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: input_userauth_request: invalid user bitcoin [preauth]
May 12 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16916]: Failed password for root from 117.40.119.252 port 41934 ssh2
May 12 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16916]: Connection closed by 117.40.119.252 port 41934 [preauth]
May 12 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Failed password for invalid user dmdba from 103.41.98.68 port 46474 ssh2
May 12 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Received disconnect from 103.41.98.68 port 46474:11: Bye Bye [preauth]
May 12 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Disconnected from 103.41.98.68 port 46474 [preauth]
May 12 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Failed password for invalid user bitcoin from 190.244.25.245 port 55286 ssh2
May 12 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Received disconnect from 190.244.25.245 port 55286:11: Bye Bye [preauth]
May 12 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Disconnected from 190.244.25.245 port 55286 [preauth]
May 12 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15624]: pam_unix(cron:session): session closed for user root
May 12 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: Failed password for root from 117.40.119.252 port 43697 ssh2
May 12 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: Connection closed by 117.40.119.252 port 43697 [preauth]
May 12 10:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Failed password for root from 117.40.119.252 port 48534 ssh2
May 12 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Connection closed by 117.40.119.252 port 48534 [preauth]
May 12 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Failed password for root from 117.40.119.252 port 54462 ssh2
May 12 10:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Connection closed by 117.40.119.252 port 54462 [preauth]
May 12 10:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Failed password for root from 117.40.119.252 port 56134 ssh2
May 12 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Connection closed by 117.40.119.252 port 56134 [preauth]
May 12 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17033]: pam_unix(cron:session): session closed for user p13x
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17093]: Successful su for rubyman by root
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17093]: + ??? root:rubyman
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378451 of user rubyman.
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17093]: pam_unix(su:session): session closed for user rubyman
May 12 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378451.
May 12 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 117.40.119.252 port 57736 ssh2
May 12 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Connection closed by 117.40.119.252 port 57736 [preauth]
May 12 10:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session closed for user root
May 12 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17034]: pam_unix(cron:session): session closed for user samftp
May 12 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Failed password for root from 117.40.119.252 port 59239 ssh2
May 12 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Connection closed by 117.40.119.252 port 59239 [preauth]
May 12 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Failed password for root from 117.40.119.252 port 33084 ssh2
May 12 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Connection closed by 117.40.119.252 port 33084 [preauth]
May 12 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Failed password for root from 47.234.143.55 port 51112 ssh2
May 12 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Received disconnect from 47.234.143.55 port 51112:11: Bye Bye [preauth]
May 12 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Disconnected from 47.234.143.55 port 51112 [preauth]
May 12 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Failed password for root from 117.40.119.252 port 34728 ssh2
May 12 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Connection closed by 117.40.119.252 port 34728 [preauth]
May 12 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Failed password for root from 117.40.119.252 port 36443 ssh2
May 12 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Connection closed by 117.40.119.252 port 36443 [preauth]
May 12 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: Failed password for root from 117.40.119.252 port 38063 ssh2
May 12 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: Connection closed by 117.40.119.252 port 38063 [preauth]
May 12 10:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17338]: Failed password for root from 117.40.119.252 port 39614 ssh2
May 12 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17338]: Connection closed by 117.40.119.252 port 39614 [preauth]
May 12 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Failed password for root from 117.40.119.252 port 41881 ssh2
May 12 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Connection closed by 117.40.119.252 port 41881 [preauth]
May 12 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for root from 117.40.119.252 port 43436 ssh2
May 12 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Connection closed by 117.40.119.252 port 43436 [preauth]
May 12 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Failed password for root from 117.40.119.252 port 45145 ssh2
May 12 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Connection closed by 117.40.119.252 port 45145 [preauth]
May 12 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session closed for user root
May 12 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: Failed password for root from 117.40.119.252 port 49323 ssh2
May 12 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: Connection closed by 117.40.119.252 port 49323 [preauth]
May 12 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 117.40.119.252 port 53503 ssh2
May 12 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Connection closed by 117.40.119.252 port 53503 [preauth]
May 12 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Failed password for root from 117.40.119.252 port 56620 ssh2
May 12 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Connection closed by 117.40.119.252 port 56620 [preauth]
May 12 10:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Failed password for root from 117.40.119.252 port 58142 ssh2
May 12 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Connection closed by 117.40.119.252 port 58142 [preauth]
May 12 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17478]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17474]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17472]: pam_unix(cron:session): session closed for user p13x
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17543]: Successful su for rubyman by root
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17543]: + ??? root:rubyman
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378454 of user rubyman.
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17543]: pam_unix(su:session): session closed for user rubyman
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378454.
May 12 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Failed password for root from 117.40.119.252 port 60158 ssh2
May 12 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Connection closed by 117.40.119.252 port 60158 [preauth]
May 12 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session closed for user root
May 12 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17473]: pam_unix(cron:session): session closed for user samftp
May 12 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: Failed password for root from 117.40.119.252 port 33585 ssh2
May 12 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: Connection closed by 117.40.119.252 port 33585 [preauth]
May 12 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Invalid user ftpguest from 185.93.89.118
May 12 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: input_userauth_request: invalid user ftpguest [preauth]
May 12 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user ftpguest from 185.93.89.118 port 19058 ssh2
May 12 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Connection closed by 185.93.89.118 port 19058 [preauth]
May 12 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: Failed password for root from 117.40.119.252 port 35302 ssh2
May 12 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: Connection closed by 117.40.119.252 port 35302 [preauth]
May 12 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: Failed password for root from 117.40.119.252 port 38584 ssh2
May 12 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: Connection closed by 117.40.119.252 port 38584 [preauth]
May 12 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: Failed password for root from 181.115.178.66 port 54392 ssh2
May 12 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: Received disconnect from 181.115.178.66 port 54392:11: Bye Bye [preauth]
May 12 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: Disconnected from 181.115.178.66 port 54392 [preauth]
May 12 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Failed password for root from 117.40.119.252 port 42766 ssh2
May 12 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Connection closed by 117.40.119.252 port 42766 [preauth]
May 12 10:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: User ftp from 185.93.89.118 not allowed because not listed in AllowUsers
May 12 10:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: input_userauth_request: invalid user ftp [preauth]
May 12 10:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=ftp
May 12 10:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for invalid user ftp from 185.93.89.118 port 64922 ssh2
May 12 10:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Failed password for root from 117.40.119.252 port 44438 ssh2
May 12 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Connection closed by 117.40.119.252 port 44438 [preauth]
May 12 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16554]: pam_unix(cron:session): session closed for user root
May 12 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Connection closed by 185.93.89.118 port 64922 [preauth]
May 12 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17929]: Failed password for root from 117.40.119.252 port 47560 ssh2
May 12 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17929]: Connection closed by 117.40.119.252 port 47560 [preauth]
May 12 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Failed password for root from 117.40.119.252 port 51690 ssh2
May 12 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Connection closed by 117.40.119.252 port 51690 [preauth]
May 12 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17988]: Failed password for root from 117.40.119.252 port 53711 ssh2
May 12 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17988]: Connection closed by 117.40.119.252 port 53711 [preauth]
May 12 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: Invalid user ftpadmin from 185.93.89.118
May 12 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: input_userauth_request: invalid user ftpadmin [preauth]
May 12 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: Failed password for invalid user ftpadmin from 185.93.89.118 port 65508 ssh2
May 12 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Failed password for root from 117.40.119.252 port 55289 ssh2
May 12 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Connection closed by 117.40.119.252 port 55289 [preauth]
May 12 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: Connection closed by 185.93.89.118 port 65508 [preauth]
May 12 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18012]: Failed password for root from 117.40.119.252 port 57289 ssh2
May 12 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18012]: Connection closed by 117.40.119.252 port 57289 [preauth]
May 12 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18037]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18039]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18040]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18041]: pam_unix(cron:session): session closed for user root
May 12 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18035]: pam_unix(cron:session): session closed for user p13x
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18116]: Successful su for rubyman by root
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18116]: + ??? root:rubyman
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378463 of user rubyman.
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18116]: pam_unix(su:session): session closed for user rubyman
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Failed password for root from 117.40.119.252 port 59511 ssh2
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378463.
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Connection closed by 117.40.119.252 port 59511 [preauth]
May 12 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18037]: pam_unix(cron:session): session closed for user root
May 12 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session closed for user root
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18141]: Failed password for root from 117.40.119.252 port 34765 ssh2
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18141]: Connection closed by 117.40.119.252 port 34765 [preauth]
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: Invalid user ftptestusr from 185.93.89.118
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: input_userauth_request: invalid user ftptestusr [preauth]
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18036]: pam_unix(cron:session): session closed for user samftp
May 12 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: Failed password for root from 117.40.119.252 port 36399 ssh2
May 12 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: Failed password for invalid user ftptestusr from 185.93.89.118 port 56032 ssh2
May 12 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: Connection closed by 117.40.119.252 port 36399 [preauth]
May 12 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: Connection closed by 185.93.89.118 port 56032 [preauth]
May 12 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Failed password for root from 117.40.119.252 port 37809 ssh2
May 12 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Connection closed by 117.40.119.252 port 37809 [preauth]
May 12 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Failed password for root from 117.40.119.252 port 39424 ssh2
May 12 10:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Connection closed by 117.40.119.252 port 39424 [preauth]
May 12 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18362]: Failed password for root from 117.40.119.252 port 41121 ssh2
May 12 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18362]: Connection closed by 117.40.119.252 port 41121 [preauth]
May 12 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: Invalid user ftptest from 185.93.89.118
May 12 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: input_userauth_request: invalid user ftptest [preauth]
May 12 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 10:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Failed password for root from 117.40.119.252 port 44263 ssh2
May 12 10:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Connection closed by 117.40.119.252 port 44263 [preauth]
May 12 10:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: Failed password for invalid user ftptest from 185.93.89.118 port 33294 ssh2
May 12 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Invalid user sravani from 181.49.50.6
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: input_userauth_request: invalid user sravani [preauth]
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Failed password for root from 117.40.119.252 port 46487 ssh2
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Connection closed by 117.40.119.252 port 46487 [preauth]
May 12 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: Connection closed by 185.93.89.118 port 33294 [preauth]
May 12 10:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Failed password for invalid user sravani from 181.49.50.6 port 48828 ssh2
May 12 10:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Received disconnect from 181.49.50.6 port 48828:11: Bye Bye [preauth]
May 12 10:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Disconnected from 181.49.50.6 port 48828 [preauth]
May 12 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Failed password for root from 117.40.119.252 port 48192 ssh2
May 12 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Connection closed by 117.40.119.252 port 48192 [preauth]
May 12 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session closed for user root
May 12 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Failed password for root from 117.40.119.252 port 50092 ssh2
May 12 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Connection closed by 117.40.119.252 port 50092 [preauth]
May 12 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: Failed password for root from 117.40.119.252 port 52410 ssh2
May 12 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: Connection closed by 117.40.119.252 port 52410 [preauth]
May 12 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Failed password for root from 117.40.119.252 port 54088 ssh2
May 12 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Connection closed by 117.40.119.252 port 54088 [preauth]
May 12 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Failed password for root from 117.40.119.252 port 55861 ssh2
May 12 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Connection closed by 117.40.119.252 port 55861 [preauth]
May 12 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Failed password for root from 117.40.119.252 port 34891 ssh2
May 12 10:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Connection closed by 117.40.119.252 port 34891 [preauth]
May 12 10:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user p13x
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: Successful su for rubyman by root
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: + ??? root:rubyman
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378465 of user rubyman.
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: pam_unix(su:session): session closed for user rubyman
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378465.
May 12 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Failed password for root from 117.40.119.252 port 36280 ssh2
May 12 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Connection closed by 117.40.119.252 port 36280 [preauth]
May 12 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15623]: pam_unix(cron:session): session closed for user root
May 12 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session closed for user samftp
May 12 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: Failed password for root from 117.40.119.252 port 37851 ssh2
May 12 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: Connection closed by 117.40.119.252 port 37851 [preauth]
May 12 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18792]: Failed password for root from 117.40.119.252 port 42412 ssh2
May 12 10:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18792]: Connection closed by 117.40.119.252 port 42412 [preauth]
May 12 10:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: Failed password for root from 117.40.119.252 port 46370 ssh2
May 12 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: Connection closed by 117.40.119.252 port 46370 [preauth]
May 12 10:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Failed password for root from 50.235.31.47 port 47386 ssh2
May 12 10:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Connection closed by 50.235.31.47 port 47386 [preauth]
May 12 10:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Invalid user desliga from 188.17.148.221
May 12 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: input_userauth_request: invalid user desliga [preauth]
May 12 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
May 12 10:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.44.67.109  user=root
May 12 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for invalid user desliga from 188.17.148.221 port 45370 ssh2
May 12 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Received disconnect from 188.17.148.221 port 45370:11: Bye Bye [preauth]
May 12 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Disconnected from 188.17.148.221 port 45370 [preauth]
May 12 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17478]: pam_unix(cron:session): session closed for user root
May 12 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Failed password for root from 34.44.67.109 port 48586 ssh2
May 12 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Received disconnect from 34.44.67.109 port 48586:11: Bye Bye [preauth]
May 12 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Disconnected from 34.44.67.109 port 48586 [preauth]
May 12 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.200.17.19  user=root
May 12 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Failed password for root from 84.200.17.19 port 38076 ssh2
May 12 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Received disconnect from 84.200.17.19 port 38076:11: Bye Bye [preauth]
May 12 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Disconnected from 84.200.17.19 port 38076 [preauth]
May 12 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Failed password for root from 117.40.119.252 port 54503 ssh2
May 12 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Connection closed by 117.40.119.252 port 54503 [preauth]
May 12 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: Failed password for root from 117.40.119.252 port 55657 ssh2
May 12 10:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: Connection closed by 117.40.119.252 port 55657 [preauth]
May 12 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Failed password for root from 117.40.119.252 port 57128 ssh2
May 12 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Connection closed by 117.40.119.252 port 57128 [preauth]
May 12 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for root from 117.40.119.252 port 35865 ssh2
May 12 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Connection closed by 117.40.119.252 port 35865 [preauth]
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session closed for user p13x
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: Successful su for rubyman by root
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: + ??? root:rubyman
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378468 of user rubyman.
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: pam_unix(su:session): session closed for user rubyman
May 12 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378468.
May 12 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user root
May 12 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 117.40.119.252 port 39934 ssh2
May 12 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Connection closed by 117.40.119.252 port 39934 [preauth]
May 12 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session closed for user samftp
May 12 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Failed password for root from 117.40.119.252 port 41613 ssh2
May 12 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Connection closed by 117.40.119.252 port 41613 [preauth]
May 12 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: Failed password for root from 117.40.119.252 port 43231 ssh2
May 12 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: Connection closed by 117.40.119.252 port 43231 [preauth]
May 12 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Failed password for root from 117.40.119.252 port 46086 ssh2
May 12 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Connection closed by 117.40.119.252 port 46086 [preauth]
May 12 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: Failed password for root from 117.40.119.252 port 48087 ssh2
May 12 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: Connection closed by 117.40.119.252 port 48087 [preauth]
May 12 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Failed password for root from 117.40.119.252 port 49524 ssh2
May 12 10:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Connection closed by 117.40.119.252 port 49524 [preauth]
May 12 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Invalid user timothee from 190.244.25.245
May 12 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: input_userauth_request: invalid user timothee [preauth]
May 12 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19282]: Failed password for root from 117.40.119.252 port 51613 ssh2
May 12 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for invalid user timothee from 190.244.25.245 port 38870 ssh2
May 12 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19282]: Connection closed by 117.40.119.252 port 51613 [preauth]
May 12 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Received disconnect from 190.244.25.245 port 38870:11: Bye Bye [preauth]
May 12 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Disconnected from 190.244.25.245 port 38870 [preauth]
May 12 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18040]: pam_unix(cron:session): session closed for user root
May 12 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Failed password for root from 117.40.119.252 port 56473 ssh2
May 12 10:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Connection closed by 117.40.119.252 port 56473 [preauth]
May 12 10:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for root from 117.40.119.252 port 58007 ssh2
May 12 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Connection closed by 117.40.119.252 port 58007 [preauth]
May 12 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19334]: Failed password for root from 117.40.119.252 port 60136 ssh2
May 12 10:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19334]: Connection closed by 117.40.119.252 port 60136 [preauth]
May 12 10:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Failed password for root from 117.40.119.252 port 33160 ssh2
May 12 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Connection closed by 117.40.119.252 port 33160 [preauth]
May 12 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Invalid user maxwell from 103.41.98.68
May 12 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: input_userauth_request: invalid user maxwell [preauth]
May 12 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user maxwell from 103.41.98.68 port 56406 ssh2
May 12 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Received disconnect from 103.41.98.68 port 56406:11: Bye Bye [preauth]
May 12 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Disconnected from 103.41.98.68 port 56406 [preauth]
May 12 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for root from 117.40.119.252 port 34971 ssh2
May 12 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Connection closed by 117.40.119.252 port 34971 [preauth]
May 12 10:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Failed password for root from 117.40.119.252 port 40524 ssh2
May 12 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Connection closed by 117.40.119.252 port 40524 [preauth]
May 12 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19396]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19393]: pam_unix(cron:session): session closed for user p13x
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19455]: Successful su for rubyman by root
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19455]: + ??? root:rubyman
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378473 of user rubyman.
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19455]: pam_unix(su:session): session closed for user rubyman
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378473.
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19390]: Failed password for root from 47.234.143.55 port 33892 ssh2
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19390]: Received disconnect from 47.234.143.55 port 33892:11: Bye Bye [preauth]
May 12 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19390]: Disconnected from 47.234.143.55 port 33892 [preauth]
May 12 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session closed for user root
May 12 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19395]: pam_unix(cron:session): session closed for user samftp
May 12 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: Invalid user test from 190.244.25.245
May 12 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: input_userauth_request: invalid user test [preauth]
May 12 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19656]: Failed password for root from 117.40.119.252 port 44403 ssh2
May 12 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19656]: Connection closed by 117.40.119.252 port 44403 [preauth]
May 12 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: Failed password for invalid user test from 190.244.25.245 port 39496 ssh2
May 12 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: Received disconnect from 190.244.25.245 port 39496:11: Bye Bye [preauth]
May 12 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19658]: Disconnected from 190.244.25.245 port 39496 [preauth]
May 12 10:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: Failed password for root from 117.40.119.252 port 46520 ssh2
May 12 10:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: Connection closed by 117.40.119.252 port 46520 [preauth]
May 12 10:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: Failed password for root from 117.40.119.252 port 48095 ssh2
May 12 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: Connection closed by 117.40.119.252 port 48095 [preauth]
May 12 10:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: Failed password for root from 117.40.119.252 port 52139 ssh2
May 12 10:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: Connection closed by 117.40.119.252 port 52139 [preauth]
May 12 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Failed password for root from 117.40.119.252 port 54260 ssh2
May 12 10:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Connection closed by 117.40.119.252 port 54260 [preauth]
May 12 10:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Failed password for root from 117.40.119.252 port 57448 ssh2
May 12 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session closed for user root
May 12 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Connection closed by 117.40.119.252 port 57448 [preauth]
May 12 10:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: Failed password for root from 117.40.119.252 port 33228 ssh2
May 12 10:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: Connection closed by 117.40.119.252 port 33228 [preauth]
May 12 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: Failed password for root from 117.40.119.252 port 35231 ssh2
May 12 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: Connection closed by 117.40.119.252 port 35231 [preauth]
May 12 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: Failed password for root from 117.40.119.252 port 38577 ssh2
May 12 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: Connection closed by 117.40.119.252 port 38577 [preauth]
May 12 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19819]: Failed password for root from 117.40.119.252 port 40641 ssh2
May 12 10:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19819]: Connection closed by 117.40.119.252 port 40641 [preauth]
May 12 10:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Failed password for root from 117.40.119.252 port 42447 ssh2
May 12 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Connection closed by 117.40.119.252 port 42447 [preauth]
May 12 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19838]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19835]: pam_unix(cron:session): session closed for user p13x
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: Successful su for rubyman by root
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: + ??? root:rubyman
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378477 of user rubyman.
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: pam_unix(su:session): session closed for user rubyman
May 12 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378477.
May 12 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Failed password for root from 117.40.119.252 port 44355 ssh2
May 12 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Connection closed by 117.40.119.252 port 44355 [preauth]
May 12 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session closed for user root
May 12 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: Failed password for root from 117.40.119.252 port 45653 ssh2
May 12 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: Connection closed by 117.40.119.252 port 45653 [preauth]
May 12 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19837]: pam_unix(cron:session): session closed for user samftp
May 12 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: Failed password for root from 117.40.119.252 port 47174 ssh2
May 12 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: Connection closed by 117.40.119.252 port 47174 [preauth]
May 12 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Failed password for root from 117.40.119.252 port 51663 ssh2
May 12 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Connection closed by 117.40.119.252 port 51663 [preauth]
May 12 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Failed password for root from 117.40.119.252 port 53441 ssh2
May 12 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Connection closed by 117.40.119.252 port 53441 [preauth]
May 12 10:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 117.40.119.252 port 54927 ssh2
May 12 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Connection closed by 117.40.119.252 port 54927 [preauth]
May 12 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Failed password for root from 117.40.119.252 port 57860 ssh2
May 12 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Connection closed by 117.40.119.252 port 57860 [preauth]
May 12 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session closed for user root
May 12 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20207]: Failed password for root from 117.40.119.252 port 33912 ssh2
May 12 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20207]: Connection closed by 117.40.119.252 port 33912 [preauth]
May 12 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: Failed password for root from 117.40.119.252 port 35994 ssh2
May 12 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: Connection closed by 117.40.119.252 port 35994 [preauth]
May 12 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20225]: Failed password for root from 117.40.119.252 port 38102 ssh2
May 12 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20225]: Connection closed by 117.40.119.252 port 38102 [preauth]
May 12 10:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Failed password for root from 117.40.119.252 port 42388 ssh2
May 12 10:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Connection closed by 117.40.119.252 port 42388 [preauth]
May 12 10:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Failed password for root from 117.40.119.252 port 44450 ssh2
May 12 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Connection closed by 117.40.119.252 port 44450 [preauth]
May 12 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20271]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session closed for user root
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session closed for user p13x
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20338]: Successful su for rubyman by root
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20338]: + ??? root:rubyman
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378481 of user rubyman.
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20338]: pam_unix(su:session): session closed for user rubyman
May 12 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378481.
May 12 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Failed password for root from 117.40.119.252 port 45987 ssh2
May 12 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Connection closed by 117.40.119.252 port 45987 [preauth]
May 12 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session closed for user root
May 12 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17474]: pam_unix(cron:session): session closed for user root
May 12 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20269]: pam_unix(cron:session): session closed for user samftp
May 12 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: Failed password for root from 117.40.119.252 port 48073 ssh2
May 12 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: Connection closed by 117.40.119.252 port 48073 [preauth]
May 12 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for root from 117.40.119.252 port 50158 ssh2
May 12 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Connection closed by 117.40.119.252 port 50158 [preauth]
May 12 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Invalid user admin from 181.115.178.66
May 12 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: input_userauth_request: invalid user admin [preauth]
May 12 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 10:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for root from 117.40.119.252 port 51714 ssh2
May 12 10:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Connection closed by 117.40.119.252 port 51714 [preauth]
May 12 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for invalid user admin from 181.115.178.66 port 56518 ssh2
May 12 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Received disconnect from 181.115.178.66 port 56518:11: Bye Bye [preauth]
May 12 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Disconnected from 181.115.178.66 port 56518 [preauth]
May 12 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Failed password for root from 117.40.119.252 port 53524 ssh2
May 12 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Connection closed by 117.40.119.252 port 53524 [preauth]
May 12 10:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Failed password for root from 117.40.119.252 port 55283 ssh2
May 12 10:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Connection closed by 117.40.119.252 port 55283 [preauth]
May 12 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Failed password for root from 117.40.119.252 port 57431 ssh2
May 12 10:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Connection closed by 117.40.119.252 port 57431 [preauth]
May 12 10:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Invalid user csgoserver from 181.49.50.6
May 12 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: input_userauth_request: invalid user csgoserver [preauth]
May 12 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Failed password for root from 117.40.119.252 port 59720 ssh2
May 12 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Connection closed by 117.40.119.252 port 59720 [preauth]
May 12 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Failed password for invalid user csgoserver from 181.49.50.6 port 56424 ssh2
May 12 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Received disconnect from 181.49.50.6 port 56424:11: Bye Bye [preauth]
May 12 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Disconnected from 181.49.50.6 port 56424 [preauth]
May 12 10:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20644]: Failed password for root from 117.40.119.252 port 33083 ssh2
May 12 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20644]: Connection closed by 117.40.119.252 port 33083 [preauth]
May 12 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session closed for user root
May 12 10:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Failed password for root from 117.40.119.252 port 35107 ssh2
May 12 10:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Connection closed by 117.40.119.252 port 35107 [preauth]
May 12 10:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: Failed password for root from 117.40.119.252 port 36831 ssh2
May 12 10:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: Connection closed by 117.40.119.252 port 36831 [preauth]
May 12 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20691]: Failed password for root from 117.40.119.252 port 38978 ssh2
May 12 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20691]: Connection closed by 117.40.119.252 port 38978 [preauth]
May 12 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: Failed password for root from 117.40.119.252 port 40629 ssh2
May 12 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: Connection closed by 117.40.119.252 port 40629 [preauth]
May 12 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Failed password for root from 117.40.119.252 port 42516 ssh2
May 12 10:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Connection closed by 117.40.119.252 port 42516 [preauth]
May 12 10:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: Failed password for root from 117.40.119.252 port 44240 ssh2
May 12 10:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: Connection closed by 117.40.119.252 port 44240 [preauth]
May 12 10:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20731]: Failed password for root from 117.40.119.252 port 45951 ssh2
May 12 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20731]: Connection closed by 117.40.119.252 port 45951 [preauth]
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session closed for user p13x
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: Successful su for rubyman by root
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: + ??? root:rubyman
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378487 of user rubyman.
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: pam_unix(su:session): session closed for user rubyman
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378487.
May 12 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: Failed password for root from 117.40.119.252 port 47946 ssh2
May 12 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: Connection closed by 117.40.119.252 port 47946 [preauth]
May 12 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18039]: pam_unix(cron:session): session closed for user root
May 12 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session closed for user samftp
May 12 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for root from 218.92.0.179 port 20843 ssh2
May 12 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for root from 218.92.0.179 port 20843 ssh2
May 12 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Failed password for root from 117.40.119.252 port 50924 ssh2
May 12 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Connection closed by 117.40.119.252 port 50924 [preauth]
May 12 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for root from 218.92.0.179 port 20843 ssh2
May 12 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Received disconnect from 218.92.0.179 port 20843:11:  [preauth]
May 12 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Disconnected from 218.92.0.179 port 20843 [preauth]
May 12 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: Failed password for root from 117.40.119.252 port 55008 ssh2
May 12 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: Connection closed by 117.40.119.252 port 55008 [preauth]
May 12 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: Failed password for root from 117.40.119.252 port 56705 ssh2
May 12 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: Connection closed by 117.40.119.252 port 56705 [preauth]
May 12 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Invalid user nushi from 80.94.95.125
May 12 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: input_userauth_request: invalid user nushi [preauth]
May 12 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: Failed password for root from 117.40.119.252 port 58194 ssh2
May 12 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: Connection closed by 117.40.119.252 port 58194 [preauth]
May 12 10:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Failed password for invalid user nushi from 80.94.95.125 port 28143 ssh2
May 12 10:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Received disconnect from 80.94.95.125 port 28143:11: Bye [preauth]
May 12 10:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Disconnected from 80.94.95.125 port 28143 [preauth]
May 12 10:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Failed password for root from 117.40.119.252 port 60086 ssh2
May 12 10:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Connection closed by 117.40.119.252 port 60086 [preauth]
May 12 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Failed password for root from 117.40.119.252 port 34020 ssh2
May 12 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Connection closed by 117.40.119.252 port 34020 [preauth]
May 12 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19839]: pam_unix(cron:session): session closed for user root
May 12 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Failed password for root from 117.40.119.252 port 36817 ssh2
May 12 10:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Connection closed by 117.40.119.252 port 36817 [preauth]
May 12 10:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Failed password for root from 117.40.119.252 port 39071 ssh2
May 12 10:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Connection closed by 117.40.119.252 port 39071 [preauth]
May 12 10:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 117.40.119.252 port 40551 ssh2
May 12 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Connection closed by 117.40.119.252 port 40551 [preauth]
May 12 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Failed password for root from 117.40.119.252 port 42085 ssh2
May 12 10:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Connection closed by 117.40.119.252 port 42085 [preauth]
May 12 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: Failed password for root from 117.40.119.252 port 44145 ssh2
May 12 10:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: Connection closed by 117.40.119.252 port 44145 [preauth]
May 12 10:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Failed password for root from 117.40.119.252 port 46017 ssh2
May 12 10:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Connection closed by 117.40.119.252 port 46017 [preauth]
May 12 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Failed password for root from 117.40.119.252 port 47612 ssh2
May 12 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Connection closed by 117.40.119.252 port 47612 [preauth]
May 12 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for root from 117.40.119.252 port 49788 ssh2
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Connection closed by 117.40.119.252 port 49788 [preauth]
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session closed for user p13x
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: Successful su for rubyman by root
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: + ??? root:rubyman
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378491 of user rubyman.
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: pam_unix(su:session): session closed for user rubyman
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378491.
May 12 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session closed for user root
May 12 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Failed password for root from 117.40.119.252 port 51576 ssh2
May 12 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Connection closed by 117.40.119.252 port 51576 [preauth]
May 12 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user samftp
May 12 10:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Failed password for root from 117.40.119.252 port 53572 ssh2
May 12 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Connection closed by 117.40.119.252 port 53572 [preauth]
May 12 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: Failed password for root from 117.40.119.252 port 55176 ssh2
May 12 10:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: Connection closed by 117.40.119.252 port 55176 [preauth]
May 12 10:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21538]: Failed password for root from 117.40.119.252 port 59573 ssh2
May 12 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21538]: Connection closed by 117.40.119.252 port 59573 [preauth]
May 12 10:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Failed password for root from 117.40.119.252 port 32978 ssh2
May 12 10:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Connection closed by 117.40.119.252 port 32978 [preauth]
May 12 10:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Failed password for root from 117.40.119.252 port 35089 ssh2
May 12 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Connection closed by 117.40.119.252 port 35089 [preauth]
May 12 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Failed password for root from 117.40.119.252 port 37205 ssh2
May 12 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Connection closed by 117.40.119.252 port 37205 [preauth]
May 12 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session closed for user root
May 12 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Failed password for root from 117.40.119.252 port 38737 ssh2
May 12 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Connection closed by 117.40.119.252 port 38737 [preauth]
May 12 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Failed password for root from 117.40.119.252 port 40319 ssh2
May 12 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Connection closed by 117.40.119.252 port 40319 [preauth]
May 12 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for root from 117.40.119.252 port 41999 ssh2
May 12 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Connection closed by 117.40.119.252 port 41999 [preauth]
May 12 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for root from 117.40.119.252 port 43429 ssh2
May 12 10:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Connection closed by 117.40.119.252 port 43429 [preauth]
May 12 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: Failed password for root from 117.40.119.252 port 45233 ssh2
May 12 10:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: Connection closed by 117.40.119.252 port 45233 [preauth]
May 12 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.234.143.55  user=root
May 12 10:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: Failed password for root from 117.40.119.252 port 46752 ssh2
May 12 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: Connection closed by 117.40.119.252 port 46752 [preauth]
May 12 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Failed password for root from 47.234.143.55 port 44896 ssh2
May 12 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Received disconnect from 47.234.143.55 port 44896:11: Bye Bye [preauth]
May 12 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Disconnected from 47.234.143.55 port 44896 [preauth]
May 12 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Failed password for root from 117.40.119.252 port 49721 ssh2
May 12 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Connection closed by 117.40.119.252 port 49721 [preauth]
May 12 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: Failed password for root from 117.40.119.252 port 51564 ssh2
May 12 10:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: Connection closed by 117.40.119.252 port 51564 [preauth]
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Invalid user ubuntu from 103.41.98.68
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: input_userauth_request: invalid user ubuntu [preauth]
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: pam_unix(sshd:auth): check pass; user unknown
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21724]: pam_unix(cron:session): session closed for user p13x
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21897]: Successful su for rubyman by root
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21897]: + ??? root:rubyman
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378495 of user rubyman.
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21897]: pam_unix(su:session): session closed for user rubyman
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378495.
May 12 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Failed password for invalid user ubuntu from 103.41.98.68 port 44528 ssh2
May 12 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Received disconnect from 103.41.98.68 port 44528:11: Bye Bye [preauth]
May 12 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Disconnected from 103.41.98.68 port 44528 [preauth]
May 12 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Failed password for root from 117.40.119.252 port 53150 ssh2
May 12 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user root
May 12 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Connection closed by 117.40.119.252 port 53150 [preauth]
May 12 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21725]: pam_unix(cron:session): session closed for user samftp
May 12 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22275]: Failed password for root from 117.40.119.252 port 54885 ssh2
May 12 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22275]: Connection closed by 117.40.119.252 port 54885 [preauth]
May 12 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Failed password for root from 190.244.25.245 port 48004 ssh2
May 12 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Received disconnect from 190.244.25.245 port 48004:11: Bye Bye [preauth]
May 12 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Disconnected from 190.244.25.245 port 48004 [preauth]
May 12 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Failed password for root from 117.40.119.252 port 57306 ssh2
May 12 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Connection closed by 117.40.119.252 port 57306 [preauth]
May 12 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: Failed password for root from 117.40.119.252 port 59000 ssh2
May 12 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: Connection closed by 117.40.119.252 port 59000 [preauth]
May 12 10:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Failed password for root from 117.40.119.252 port 60057 ssh2
May 12 10:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Connection closed by 117.40.119.252 port 60057 [preauth]
May 12 10:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Failed password for root from 117.40.119.252 port 33815 ssh2
May 12 10:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Connection closed by 117.40.119.252 port 33815 [preauth]
May 12 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Failed password for root from 117.40.119.252 port 37037 ssh2
May 12 10:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Connection closed by 117.40.119.252 port 37037 [preauth]
May 12 10:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session closed for user root
May 12 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22386]: Failed password for root from 117.40.119.252 port 40117 ssh2
May 12 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22386]: Connection closed by 117.40.119.252 port 40117 [preauth]
May 12 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May 12 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Failed password for root from 117.40.119.252 port 42136 ssh2
May 12 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Connection closed by 117.40.119.252 port 42136 [preauth]
May 12 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for root from 218.92.0.230 port 35440 ssh2
May 12 10:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for root from 218.92.0.230 port 35440 ssh2
May 12 10:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for root from 218.92.0.230 port 35440 ssh2
May 12 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Received disconnect from 218.92.0.230 port 35440:11:  [preauth]
May 12 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Disconnected from 218.92.0.230 port 35440 [preauth]
May 12 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May 12 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Failed password for root from 117.40.119.252 port 43510 ssh2
May 12 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Connection closed by 117.40.119.252 port 43510 [preauth]
May 12 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: Failed password for root from 117.40.119.252 port 46793 ssh2
May 12 10:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: Connection closed by 117.40.119.252 port 46793 [preauth]
May 12 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May 12 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Failed password for root from 190.244.25.245 port 48722 ssh2
May 12 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Received disconnect from 190.244.25.245 port 48722:11: Bye Bye [preauth]
May 12 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Disconnected from 190.244.25.245 port 48722 [preauth]
May 12 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Failed password for root from 117.40.119.252 port 48368 ssh2
May 12 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Connection closed by 117.40.119.252 port 48368 [preauth]
May 12 10:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22504]: Failed password for root from 117.40.119.252 port 52566 ssh2
May 12 10:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22504]: Connection closed by 117.40.119.252 port 52566 [preauth]
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22510]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session closed for user p13x
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22589]: Successful su for rubyman by root
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22589]: + ??? root:rubyman
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378499 of user rubyman.
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22589]: pam_unix(su:session): session closed for user rubyman
May 12 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378499.
May 12 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19396]: pam_unix(cron:session): session closed for user root
May 12 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: Failed password for root from 117.40.119.252 port 54224 ssh2
May 12 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: Connection closed by 117.40.119.252 port 54224 [preauth]
May 12 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session closed for user samftp
May 12 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Failed password for root from 117.40.119.252 port 57100 ssh2
May 12 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Connection closed by 117.40.119.252 port 57100 [preauth]
May 12 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for root from 117.40.119.252 port 58549 ssh2
May 12 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Connection closed by 117.40.119.252 port 58549 [preauth]
May 12 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22805]: Failed password for root from 117.40.119.252 port 60159 ssh2
May 12 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22805]: Connection closed by 117.40.119.252 port 60159 [preauth]
May 12 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22838]: Failed password for root from 117.40.119.252 port 33644 ssh2
May 12 10:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22838]: Connection closed by 117.40.119.252 port 33644 [preauth]
May 12 10:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: Failed password for root from 117.40.119.252 port 35355 ssh2
May 12 10:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: Connection closed by 117.40.119.252 port 35355 [preauth]
May 12 10:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: Failed password for root from 117.40.119.252 port 36892 ssh2
May 12 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: Connection closed by 117.40.119.252 port 36892 [preauth]
May 12 10:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Failed password for root from 117.40.119.252 port 39073 ssh2
May 12 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Connection closed by 117.40.119.252 port 39073 [preauth]
May 12 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: Failed password for root from 117.40.119.252 port 40550 ssh2
May 12 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: Connection closed by 117.40.119.252 port 40550 [preauth]
May 12 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session closed for user root
May 12 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for root from 117.40.119.252 port 42066 ssh2
May 12 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Connection closed by 117.40.119.252 port 42066 [preauth]
May 12 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Failed password for root from 117.40.119.252 port 43770 ssh2
May 12 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Connection closed by 117.40.119.252 port 43770 [preauth]
May 12 10:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May 12 10:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Failed password for root from 190.103.202.7 port 56056 ssh2
May 12 10:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Connection closed by 190.103.202.7 port 56056 [preauth]
May 12 10:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Failed password for root from 117.40.119.252 port 50925 ssh2
May 12 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Connection closed by 117.40.119.252 port 50925 [preauth]
May 12 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 10:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: Failed password for root from 117.40.119.252 port 54046 ssh2
May 12 10:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: Connection closed by 117.40.119.252 port 54046 [preauth]
May 12 10:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Failed password for root from 117.40.119.252 port 55851 ssh2
May 12 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Connection closed by 117.40.119.252 port 55851 [preauth]
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23033]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23034]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23036]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23036]: pam_unix(cron:session): session closed for user root
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session closed for user root
May 12 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session closed for user p13x
May 12 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23124]: Successful su for rubyman by root
May 12 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23124]: + ??? root:rubyman
May 12 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378503 of user rubyman.
May 12 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23124]: pam_unix(su:session): session closed for user rubyman
May 12 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378503.
May 12 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19838]: pam_unix(cron:session): session closed for user root
May 12 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23033]: pam_unix(cron:session): session closed for user root
May 12 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session closed for user samftp
May 12 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Failed password for root from 117.40.119.252 port 60160 ssh2
May 12 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Connection closed by 117.40.119.252 port 60160 [preauth]
May 12 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Failed password for root from 117.40.119.252 port 33841 ssh2
May 12 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Connection closed by 117.40.119.252 port 33841 [preauth]
May 12 11:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 117.40.119.252 port 35536 ssh2
May 12 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Connection closed by 117.40.119.252 port 35536 [preauth]
May 12 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Failed password for root from 117.40.119.252 port 37151 ssh2
May 12 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Connection closed by 117.40.119.252 port 37151 [preauth]
May 12 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Failed password for root from 117.40.119.252 port 38666 ssh2
May 12 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Connection closed by 117.40.119.252 port 38666 [preauth]
May 12 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Invalid user roch from 181.49.50.6
May 12 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: input_userauth_request: invalid user roch [preauth]
May 12 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6
May 12 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for invalid user roch from 181.49.50.6 port 35808 ssh2
May 12 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Received disconnect from 181.49.50.6 port 35808:11: Bye Bye [preauth]
May 12 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Disconnected from 181.49.50.6 port 35808 [preauth]
May 12 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Failed password for root from 117.40.119.252 port 41832 ssh2
May 12 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Connection closed by 117.40.119.252 port 41832 [preauth]
May 12 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user root
May 12 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23574]: Failed password for root from 117.40.119.252 port 46491 ssh2
May 12 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23574]: Connection closed by 117.40.119.252 port 46491 [preauth]
May 12 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: Failed password for root from 117.40.119.252 port 48047 ssh2
May 12 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: Connection closed by 117.40.119.252 port 48047 [preauth]
May 12 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Failed password for root from 117.40.119.252 port 51242 ssh2
May 12 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Connection closed by 117.40.119.252 port 51242 [preauth]
May 12 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Failed password for root from 117.40.119.252 port 53418 ssh2
May 12 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Connection closed by 117.40.119.252 port 53418 [preauth]
May 12 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Failed password for root from 117.40.119.252 port 55034 ssh2
May 12 11:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Connection closed by 117.40.119.252 port 55034 [preauth]
May 12 11:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23662]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23661]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23659]: pam_unix(cron:session): session closed for user p13x
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23727]: Successful su for rubyman by root
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23727]: + ??? root:rubyman
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378510 of user rubyman.
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23727]: pam_unix(su:session): session closed for user rubyman
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378510.
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Invalid user bitcoin from 181.115.178.66
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: input_userauth_request: invalid user bitcoin [preauth]
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66
May 12 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Failed password for invalid user bitcoin from 181.115.178.66 port 53652 ssh2
May 12 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Received disconnect from 181.115.178.66 port 53652:11: Bye Bye [preauth]
May 12 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Disconnected from 181.115.178.66 port 53652 [preauth]
May 12 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Failed password for root from 117.40.119.252 port 59809 ssh2
May 12 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Connection closed by 117.40.119.252 port 59809 [preauth]
May 12 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20271]: pam_unix(cron:session): session closed for user root
May 12 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23660]: pam_unix(cron:session): session closed for user samftp
May 12 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23998]: Failed password for root from 117.40.119.252 port 33593 ssh2
May 12 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23998]: Connection closed by 117.40.119.252 port 33593 [preauth]
May 12 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: Failed password for root from 117.40.119.252 port 35263 ssh2
May 12 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: Connection closed by 117.40.119.252 port 35263 [preauth]
May 12 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Failed password for root from 117.40.119.252 port 37402 ssh2
May 12 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Connection closed by 117.40.119.252 port 37402 [preauth]
May 12 11:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Failed password for root from 117.40.119.252 port 38849 ssh2
May 12 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Connection closed by 117.40.119.252 port 38849 [preauth]
May 12 11:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Failed password for root from 117.40.119.252 port 41974 ssh2
May 12 11:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Connection closed by 117.40.119.252 port 41974 [preauth]
May 12 11:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for root from 117.40.119.252 port 44231 ssh2
May 12 11:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Connection closed by 117.40.119.252 port 44231 [preauth]
May 12 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22510]: pam_unix(cron:session): session closed for user root
May 12 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Failed password for root from 117.40.119.252 port 47314 ssh2
May 12 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Connection closed by 117.40.119.252 port 47314 [preauth]
May 12 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Failed password for root from 117.40.119.252 port 50486 ssh2
May 12 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Connection closed by 117.40.119.252 port 50486 [preauth]
May 12 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Failed password for root from 117.40.119.252 port 52206 ssh2
May 12 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Connection closed by 117.40.119.252 port 52206 [preauth]
May 12 11:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: Failed password for root from 117.40.119.252 port 56536 ssh2
May 12 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: Connection closed by 117.40.119.252 port 56536 [preauth]
May 12 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Failed password for root from 117.40.119.252 port 58122 ssh2
May 12 11:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Connection closed by 117.40.119.252 port 58122 [preauth]
May 12 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user p13x
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: Successful su for rubyman by root
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: + ??? root:rubyman
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378513 of user rubyman.
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: pam_unix(su:session): session closed for user rubyman
May 12 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378513.
May 12 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: Failed password for root from 117.40.119.252 port 60093 ssh2
May 12 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: Connection closed by 117.40.119.252 port 60093 [preauth]
May 12 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session closed for user root
May 12 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user samftp
May 12 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Failed password for root from 117.40.119.252 port 36871 ssh2
May 12 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Connection closed by 117.40.119.252 port 36871 [preauth]
May 12 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Failed password for root from 117.40.119.252 port 38605 ssh2
May 12 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Connection closed by 117.40.119.252 port 38605 [preauth]
May 12 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Failed password for root from 117.40.119.252 port 40859 ssh2
May 12 11:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Connection closed by 117.40.119.252 port 40859 [preauth]
May 12 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Failed password for root from 117.40.119.252 port 42511 ssh2
May 12 11:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Connection closed by 117.40.119.252 port 42511 [preauth]
May 12 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Failed password for root from 117.40.119.252 port 45832 ssh2
May 12 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Connection closed by 117.40.119.252 port 45832 [preauth]
May 12 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Failed password for root from 117.40.119.252 port 48947 ssh2
May 12 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Connection closed by 117.40.119.252 port 48947 [preauth]
May 12 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session closed for user root
May 12 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Failed password for root from 117.40.119.252 port 50400 ssh2
May 12 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Connection closed by 117.40.119.252 port 50400 [preauth]
May 12 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: Failed password for root from 45.6.188.43 port 53290 ssh2
May 12 11:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: Connection closed by 45.6.188.43 port 53290 [preauth]
May 12 11:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Failed password for root from 117.40.119.252 port 53566 ssh2
May 12 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Connection closed by 117.40.119.252 port 53566 [preauth]
May 12 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Failed password for root from 117.40.119.252 port 56257 ssh2
May 12 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Connection closed by 117.40.119.252 port 56257 [preauth]
May 12 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for root from 117.40.119.252 port 58411 ssh2
May 12 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Connection closed by 117.40.119.252 port 58411 [preauth]
May 12 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24681]: Failed password for root from 117.40.119.252 port 60811 ssh2
May 12 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24681]: Connection closed by 117.40.119.252 port 60811 [preauth]
May 12 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24702]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session closed for user p13x
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24766]: Successful su for rubyman by root
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24766]: + ??? root:rubyman
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378517 of user rubyman.
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24766]: pam_unix(su:session): session closed for user rubyman
May 12 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378517.
May 12 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Failed password for root from 117.40.119.252 port 34122 ssh2
May 12 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Connection closed by 117.40.119.252 port 34122 [preauth]
May 12 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user root
May 12 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session closed for user samftp
May 12 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: Failed password for root from 117.40.119.252 port 37708 ssh2
May 12 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: Connection closed by 117.40.119.252 port 37708 [preauth]
May 12 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Failed password for root from 117.40.119.252 port 39483 ssh2
May 12 11:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Connection closed by 117.40.119.252 port 39483 [preauth]
May 12 11:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: Failed password for root from 117.40.119.252 port 41848 ssh2
May 12 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: Connection closed by 117.40.119.252 port 41848 [preauth]
May 12 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for root from 117.40.119.252 port 43733 ssh2
May 12 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Connection closed by 117.40.119.252 port 43733 [preauth]
May 12 11:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Failed password for root from 117.40.119.252 port 47995 ssh2
May 12 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Connection closed by 117.40.119.252 port 47995 [preauth]
May 12 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Failed password for root from 103.41.98.68 port 43720 ssh2
May 12 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Received disconnect from 103.41.98.68 port 43720:11: Bye Bye [preauth]
May 12 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Disconnected from 103.41.98.68 port 43720 [preauth]
May 12 11:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: Failed password for root from 117.40.119.252 port 49664 ssh2
May 12 11:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: Connection closed by 117.40.119.252 port 49664 [preauth]
May 12 11:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Failed password for root from 117.40.119.252 port 51169 ssh2
May 12 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Connection closed by 117.40.119.252 port 51169 [preauth]
May 12 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23662]: pam_unix(cron:session): session closed for user root
May 12 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for root from 117.40.119.252 port 53131 ssh2
May 12 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Connection closed by 117.40.119.252 port 53131 [preauth]
May 12 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for root from 117.40.119.252 port 57816 ssh2
May 12 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Connection closed by 117.40.119.252 port 57816 [preauth]
May 12 11:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: Failed password for root from 117.40.119.252 port 59669 ssh2
May 12 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: Connection closed by 117.40.119.252 port 59669 [preauth]
May 12 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Invalid user ubuntu from 190.244.25.245
May 12 11:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: input_userauth_request: invalid user ubuntu [preauth]
May 12 11:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 11:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Failed password for root from 117.40.119.252 port 34228 ssh2
May 12 11:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Connection closed by 117.40.119.252 port 34228 [preauth]
May 12 11:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Failed password for invalid user ubuntu from 190.244.25.245 port 36292 ssh2
May 12 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Received disconnect from 190.244.25.245 port 36292:11: Bye Bye [preauth]
May 12 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Disconnected from 190.244.25.245 port 36292 [preauth]
May 12 11:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for root from 117.40.119.252 port 35761 ssh2
May 12 11:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Connection closed by 117.40.119.252 port 35761 [preauth]
May 12 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25149]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25150]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25147]: pam_unix(cron:session): session closed for user p13x
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: Successful su for rubyman by root
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: + ??? root:rubyman
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378521 of user rubyman.
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: pam_unix(su:session): session closed for user rubyman
May 12 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378521.
May 12 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25130]: Failed password for root from 117.40.119.252 port 37290 ssh2
May 12 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25130]: Connection closed by 117.40.119.252 port 37290 [preauth]
May 12 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session closed for user root
May 12 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Failed password for root from 117.40.119.252 port 40257 ssh2
May 12 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Connection closed by 117.40.119.252 port 40257 [preauth]
May 12 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25148]: pam_unix(cron:session): session closed for user samftp
May 12 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: Failed password for root from 117.40.119.252 port 41887 ssh2
May 12 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: Connection closed by 117.40.119.252 port 41887 [preauth]
May 12 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Failed password for root from 117.40.119.252 port 43594 ssh2
May 12 11:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Connection closed by 117.40.119.252 port 43594 [preauth]
May 12 11:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Failed password for root from 117.40.119.252 port 45550 ssh2
May 12 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Connection closed by 117.40.119.252 port 45550 [preauth]
May 12 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Failed password for root from 117.40.119.252 port 47018 ssh2
May 12 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Connection closed by 117.40.119.252 port 47018 [preauth]
May 12 11:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25469]: Failed password for root from 117.40.119.252 port 51560 ssh2
May 12 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25469]: Connection closed by 117.40.119.252 port 51560 [preauth]
May 12 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: Failed password for root from 117.40.119.252 port 52947 ssh2
May 12 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: Connection closed by 117.40.119.252 port 52947 [preauth]
May 12 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Failed password for root from 117.40.119.252 port 54594 ssh2
May 12 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session closed for user root
May 12 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Connection closed by 117.40.119.252 port 54594 [preauth]
May 12 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Invalid user test from 190.244.25.245
May 12 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: input_userauth_request: invalid user test [preauth]
May 12 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May 12 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Failed password for invalid user test from 190.244.25.245 port 49764 ssh2
May 12 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Received disconnect from 190.244.25.245 port 49764:11: Bye Bye [preauth]
May 12 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Disconnected from 190.244.25.245 port 49764 [preauth]
May 12 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Failed password for root from 117.40.119.252 port 56253 ssh2
May 12 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Connection closed by 117.40.119.252 port 56253 [preauth]
May 12 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: Failed password for root from 117.40.119.252 port 58907 ssh2
May 12 11:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: Connection closed by 117.40.119.252 port 58907 [preauth]
May 12 11:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: Failed password for root from 117.40.119.252 port 60960 ssh2
May 12 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: Connection closed by 117.40.119.252 port 60960 [preauth]
May 12 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25582]: Failed password for root from 117.40.119.252 port 34412 ssh2
May 12 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25582]: Connection closed by 117.40.119.252 port 34412 [preauth]
May 12 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Failed password for root from 117.40.119.252 port 37186 ssh2
May 12 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Connection closed by 117.40.119.252 port 37186 [preauth]
May 12 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Failed password for root from 117.40.119.252 port 40414 ssh2
May 12 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Connection closed by 117.40.119.252 port 40414 [preauth]
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25618]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25619]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25619]: pam_unix(cron:session): session closed for user root
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user p13x
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25717]: Successful su for rubyman by root
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25717]: + ??? root:rubyman
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378527 of user rubyman.
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25717]: pam_unix(su:session): session closed for user rubyman
May 12 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378527.
May 12 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
May 12 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session closed for user root
May 12 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user samftp
May 12 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Failed password for root from 117.40.119.252 port 44627 ssh2
May 12 11:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Connection closed by 117.40.119.252 port 44627 [preauth]
May 12 11:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: Failed password for root from 117.40.119.252 port 47630 ssh2
May 12 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: Connection closed by 117.40.119.252 port 47630 [preauth]
May 12 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Failed password for root from 117.40.119.252 port 49238 ssh2
May 12 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Connection closed by 117.40.119.252 port 49238 [preauth]
May 12 11:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Failed password for root from 117.40.119.252 port 53319 ssh2
May 12 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Connection closed by 117.40.119.252 port 53319 [preauth]
May 12 11:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.50.6  user=root
May 12 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Failed password for root from 181.49.50.6 port 43404 ssh2
May 12 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Received disconnect from 181.49.50.6 port 43404:11: Bye Bye [preauth]
May 12 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Disconnected from 181.49.50.6 port 43404 [preauth]
May 12 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Failed password for root from 117.40.119.252 port 56305 ssh2
May 12 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24703]: pam_unix(cron:session): session closed for user root
May 12 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Connection closed by 117.40.119.252 port 56305 [preauth]
May 12 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Failed password for root from 117.40.119.252 port 59145 ssh2
May 12 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Connection closed by 117.40.119.252 port 59145 [preauth]
May 12 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Failed password for root from 117.40.119.252 port 60647 ssh2
May 12 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Connection closed by 117.40.119.252 port 60647 [preauth]
May 12 11:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: Failed password for root from 117.40.119.252 port 38944 ssh2
May 12 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: Connection closed by 117.40.119.252 port 38944 [preauth]
May 12 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Failed password for root from 117.40.119.252 port 40288 ssh2
May 12 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Connection closed by 117.40.119.252 port 40288 [preauth]
May 12 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user p13x
May 12 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: Successful su for rubyman by root
May 12 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: + ??? root:rubyman
May 12 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378531 of user rubyman.
May 12 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: pam_unix(su:session): session closed for user rubyman
May 12 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378531.
May 12 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Failed password for root from 117.40.119.252 port 44531 ssh2
May 12 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Connection closed by 117.40.119.252 port 44531 [preauth]
May 12 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23034]: pam_unix(cron:session): session closed for user root
May 12 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Failed password for root from 117.40.119.252 port 46321 ssh2
May 12 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Connection closed by 117.40.119.252 port 46321 [preauth]
May 12 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session closed for user samftp
May 12 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: Failed password for root from 117.40.119.252 port 48131 ssh2
May 12 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: Connection closed by 117.40.119.252 port 48131 [preauth]
May 12 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Failed password for root from 117.40.119.252 port 51273 ssh2
May 12 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Connection closed by 117.40.119.252 port 51273 [preauth]
May 12 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Failed password for root from 117.40.119.252 port 53181 ssh2
May 12 11:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Connection closed by 117.40.119.252 port 53181 [preauth]
May 12 11:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for root from 117.40.119.252 port 55388 ssh2
May 12 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Connection closed by 117.40.119.252 port 55388 [preauth]
May 12 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Failed password for root from 117.40.119.252 port 57445 ssh2
May 12 11:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Connection closed by 117.40.119.252 port 57445 [preauth]
May 12 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25150]: pam_unix(cron:session): session closed for user root
May 12 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for root from 117.40.119.252 port 33164 ssh2
May 12 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.178.66  user=root
May 12 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Connection closed by 117.40.119.252 port 33164 [preauth]
May 12 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Failed password for root from 181.115.178.66 port 46240 ssh2
May 12 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Received disconnect from 181.115.178.66 port 46240:11: Bye Bye [preauth]
May 12 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Disconnected from 181.115.178.66 port 46240 [preauth]
May 12 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Failed password for root from 117.40.119.252 port 36501 ssh2
May 12 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Connection closed by 117.40.119.252 port 36501 [preauth]
May 12 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed password for root from 218.92.0.179 port 38389 ssh2
May 12 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed password for root from 218.92.0.179 port 38389 ssh2
May 12 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Failed password for root from 117.40.119.252 port 40782 ssh2
May 12 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Connection closed by 117.40.119.252 port 40782 [preauth]
May 12 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed password for root from 218.92.0.179 port 38389 ssh2
May 12 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Received disconnect from 218.92.0.179 port 38389:11:  [preauth]
May 12 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Disconnected from 218.92.0.179 port 38389 [preauth]
May 12 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for root from 117.40.119.252 port 42386 ssh2
May 12 11:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Connection closed by 117.40.119.252 port 42386 [preauth]
May 12 11:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Failed password for root from 117.40.119.252 port 44121 ssh2
May 12 11:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Connection closed by 117.40.119.252 port 44121 [preauth]
May 12 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Failed password for root from 117.40.119.252 port 45742 ssh2
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user p13x
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Connection closed by 117.40.119.252 port 45742 [preauth]
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: Successful su for rubyman by root
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: + ??? root:rubyman
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378537 of user rubyman.
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: pam_unix(su:session): session closed for user rubyman
May 12 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378537.
May 12 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Failed password for root from 117.40.119.252 port 47908 ssh2
May 12 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Connection closed by 117.40.119.252 port 47908 [preauth]
May 12 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23661]: pam_unix(cron:session): session closed for user root
May 12 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26680]: pam_unix(cron:session): session closed for user samftp
May 12 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: Failed password for root from 117.40.119.252 port 49497 ssh2
May 12 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: Connection closed by 117.40.119.252 port 49497 [preauth]
May 12 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Connection reset by 218.92.0.237 port 35212 [preauth]
May 12 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Failed password for root from 117.40.119.252 port 51147 ssh2
May 12 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Connection closed by 117.40.119.252 port 51147 [preauth]
May 12 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Failed password for root from 117.40.119.252 port 53358 ssh2
May 12 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Connection closed by 117.40.119.252 port 53358 [preauth]
May 12 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Failed password for root from 117.40.119.252 port 54905 ssh2
May 12 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Connection closed by 117.40.119.252 port 54905 [preauth]
May 12 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Failed password for root from 117.40.119.252 port 56647 ssh2
May 12 11:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Connection closed by 117.40.119.252 port 56647 [preauth]
May 12 11:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Failed password for root from 117.40.119.252 port 57875 ssh2
May 12 11:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Connection closed by 117.40.119.252 port 57875 [preauth]
May 12 11:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Failed password for root from 117.40.119.252 port 59673 ssh2
May 12 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Connection closed by 117.40.119.252 port 59673 [preauth]
May 12 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for root from 117.40.119.252 port 33465 ssh2
May 12 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Connection closed by 117.40.119.252 port 33465 [preauth]
May 12 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25618]: pam_unix(cron:session): session closed for user root
May 12 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Failed password for root from 117.40.119.252 port 35074 ssh2
May 12 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Connection closed by 117.40.119.252 port 35074 [preauth]
May 12 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for root from 117.40.119.252 port 36828 ssh2
May 12 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Connection closed by 117.40.119.252 port 36828 [preauth]
May 12 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: Failed password for root from 117.40.119.252 port 38458 ssh2
May 12 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: Connection closed by 117.40.119.252 port 38458 [preauth]
May 12 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Failed password for root from 117.40.119.252 port 40001 ssh2
May 12 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Connection closed by 117.40.119.252 port 40001 [preauth]
May 12 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: Failed password for root from 117.40.119.252 port 41579 ssh2
May 12 11:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: Connection closed by 117.40.119.252 port 41579 [preauth]
May 12 11:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27205]: Failed password for root from 117.40.119.252 port 43685 ssh2
May 12 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27205]: Connection closed by 117.40.119.252 port 43685 [preauth]
May 12 11:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for root from 117.40.119.252 port 44886 ssh2
May 12 11:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Connection closed by 117.40.119.252 port 44886 [preauth]
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user p13x
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: Successful su for rubyman by root
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: + ??? root:rubyman
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378542 of user rubyman.
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: pam_unix(su:session): session closed for user rubyman
May 12 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378542.
May 12 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session closed for user root
May 12 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for root from 117.40.119.252 port 49736 ssh2
May 12 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Connection closed by 117.40.119.252 port 49736 [preauth]
May 12 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user samftp
May 12 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Failed password for root from 117.40.119.252 port 51948 ssh2
May 12 11:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Connection closed by 117.40.119.252 port 51948 [preauth]
May 12 11:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27600]: Failed password for root from 117.40.119.252 port 54252 ssh2
May 12 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27600]: Connection closed by 117.40.119.252 port 54252 [preauth]
May 12 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Failed password for root from 117.40.119.252 port 55898 ssh2
May 12 11:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Connection closed by 117.40.119.252 port 55898 [preauth]
May 12 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27639]: Failed password for root from 117.40.119.252 port 59653 ssh2
May 12 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27639]: Connection closed by 117.40.119.252 port 59653 [preauth]
May 12 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27653]: Failed password for root from 117.40.119.252 port 32952 ssh2
May 12 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27653]: Connection closed by 117.40.119.252 port 32952 [preauth]
May 12 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: Failed password for root from 117.40.119.252 port 34982 ssh2
May 12 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: Connection closed by 117.40.119.252 port 34982 [preauth]
May 12 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Failed password for root from 117.40.119.252 port 36584 ssh2
May 12 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Connection closed by 117.40.119.252 port 36584 [preauth]
May 12 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user root
May 12 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: Failed password for root from 117.40.119.252 port 38033 ssh2
May 12 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: Connection closed by 117.40.119.252 port 38033 [preauth]
May 12 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: Failed password for root from 117.40.119.252 port 41272 ssh2
May 12 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: Connection closed by 117.40.119.252 port 41272 [preauth]
May 12 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68  user=root
May 12 11:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: Failed password for root from 103.41.98.68 port 54930 ssh2
May 12 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Failed password for root from 117.40.119.252 port 42794 ssh2
May 12 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: Received disconnect from 103.41.98.68 port 54930:11: Bye Bye [preauth]
May 12 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: Disconnected from 103.41.98.68 port 54930 [preauth]
May 12 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Connection closed by 117.40.119.252 port 42794 [preauth]
May 12 11:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: Failed password for root from 117.40.119.252 port 44972 ssh2
May 12 11:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: Connection closed by 117.40.119.252 port 44972 [preauth]
May 12 11:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27761]: Failed password for root from 117.40.119.252 port 48051 ssh2
May 12 11:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27761]: Connection closed by 117.40.119.252 port 48051 [preauth]
May 12 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session closed for user p13x
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27930]: Successful su for rubyman by root
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27930]: + ??? root:rubyman
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378543 of user rubyman.
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27930]: pam_unix(su:session): session closed for user rubyman
May 12 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378543.
May 12 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27783]: pam_unix(cron:session): session closed for user root
May 12 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: Failed password for root from 117.40.119.252 port 49937 ssh2
May 12 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: Connection closed by 117.40.119.252 port 49937 [preauth]
May 12 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24702]: pam_unix(cron:session): session closed for user root
May 12 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Failed password for root from 117.40.119.252 port 53298 ssh2
May 12 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user samftp
May 12 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Connection closed by 117.40.119.252 port 53298 [preauth]
May 12 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Failed password for root from 117.40.119.252 port 54944 ssh2
May 12 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Connection closed by 117.40.119.252 port 54944 [preauth]
May 12 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28181]: Failed password for root from 117.40.119.252 port 57142 ssh2
May 12 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28181]: Connection closed by 117.40.119.252 port 57142 [preauth]
May 12 11:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28191]: Failed password for root from 117.40.119.252 port 60715 ssh2
May 12 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28191]: Connection closed by 117.40.119.252 port 60715 [preauth]
May 12 11:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: Failed password for root from 117.40.119.252 port 34168 ssh2
May 12 11:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: Connection closed by 117.40.119.252 port 34168 [preauth]
May 12 11:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: Failed password for root from 117.40.119.252 port 37159 ssh2
May 12 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: Connection closed by 117.40.119.252 port 37159 [preauth]
May 12 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Failed password for root from 117.40.119.252 port 38931 ssh2
May 12 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Connection closed by 117.40.119.252 port 38931 [preauth]
May 12 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user root
May 12 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Failed password for root from 117.40.119.252 port 40301 ssh2
May 12 11:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Connection closed by 117.40.119.252 port 40301 [preauth]
May 12 11:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Failed password for root from 117.40.119.252 port 42669 ssh2
May 12 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Connection closed by 117.40.119.252 port 42669 [preauth]
May 12 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Failed password for root from 117.40.119.252 port 44451 ssh2
May 12 11:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Connection closed by 117.40.119.252 port 44451 [preauth]
May 12 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for root from 117.40.119.252 port 45994 ssh2
May 12 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Connection closed by 117.40.119.252 port 45994 [preauth]
May 12 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Failed password for root from 117.40.119.252 port 49323 ssh2
May 12 11:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Connection closed by 117.40.119.252 port 49323 [preauth]
May 12 11:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Failed password for root from 117.40.119.252 port 52596 ssh2
May 12 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Connection closed by 117.40.119.252 port 52596 [preauth]
May 12 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session closed for user root
May 12 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session closed for user p13x
May 12 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28412]: Successful su for rubyman by root
May 12 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28412]: + ??? root:rubyman
May 12 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378551 of user rubyman.
May 12 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28412]: pam_unix(su:session): session closed for user rubyman
May 12 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378551.
May 12 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Failed password for root from 117.40.119.252 port 54159 ssh2
May 12 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Connection closed by 117.40.119.252 port 54159 [preauth]
May 12 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28336]: pam_unix(cron:session): session closed for user root
May 12 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25149]: pam_unix(cron:session): session closed for user root
May 12 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28510]: Failed password for root from 117.40.119.252 port 55791 ssh2
May 12 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28510]: Connection closed by 117.40.119.252 port 55791 [preauth]
May 12 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Failed password for root from 80.94.95.125 port 38782 ssh2
May 12 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28335]: pam_unix(cron:session): session closed for user samftp
May 12 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Received disconnect from 80.94.95.125 port 38782:11: Bye [preauth]
May 12 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Disconnected from 80.94.95.125 port 38782 [preauth]
May 12 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: Failed password for root from 117.40.119.252 port 57332 ssh2
May 12 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: Connection closed by 117.40.119.252 port 57332 [preauth]
May 12 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28639]: Failed password for root from 117.40.119.252 port 59016 ssh2
May 12 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28639]: Connection closed by 117.40.119.252 port 59016 [preauth]
May 12 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Failed password for root from 117.40.119.252 port 35654 ssh2
May 12 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Connection closed by 117.40.119.252 port 35654 [preauth]
May 12 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Failed password for root from 117.40.119.252 port 36860 ssh2
May 12 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Connection closed by 117.40.119.252 port 36860 [preauth]
May 12 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: Failed password for root from 117.40.119.252 port 39080 ssh2
May 12 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: Connection closed by 117.40.119.252 port 39080 [preauth]
May 12 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user root
May 12 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28727]: Failed password for root from 117.40.119.252 port 43321 ssh2
May 12 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28727]: Connection closed by 117.40.119.252 port 43321 [preauth]
May 12 11:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: Failed password for root from 117.40.119.252 port 45505 ssh2
May 12 11:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: Connection closed by 117.40.119.252 port 45505 [preauth]
May 12 11:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Failed password for root from 117.40.119.252 port 48682 ssh2
May 12 11:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Connection closed by 117.40.119.252 port 48682 [preauth]
May 12 11:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28775]: Failed password for root from 117.40.119.252 port 50328 ssh2
May 12 11:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28775]: Connection closed by 117.40.119.252 port 50328 [preauth]
May 12 11:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Failed password for root from 117.40.119.252 port 52521 ssh2
May 12 11:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Connection closed by 117.40.119.252 port 52521 [preauth]
May 12 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Failed password for root from 117.40.119.252 port 54097 ssh2
May 12 11:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Connection closed by 117.40.119.252 port 54097 [preauth]
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user p13x
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28868]: Successful su for rubyman by root
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28868]: + ??? root:rubyman
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378557 of user rubyman.
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28868]: pam_unix(su:session): session closed for user rubyman
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378557.
May 12 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28896]: Failed password for root from 117.40.119.252 port 56143 ssh2
May 12 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28896]: Connection closed by 117.40.119.252 port 56143 [preauth]
May 12 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session closed for user root
May 12 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user samftp
May 12 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Failed password for root from 117.40.119.252 port 59009 ssh2
May 12 11:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Connection closed by 117.40.119.252 port 59009 [preauth]
May 12 11:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Failed password for root from 117.40.119.252 port 33855 ssh2
May 12 11:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Connection closed by 117.40.119.252 port 33855 [preauth]
May 12 11:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Failed password for root from 117.40.119.252 port 35604 ssh2
May 12 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Connection closed by 117.40.119.252 port 35604 [preauth]
May 12 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: Failed password for root from 117.40.119.252 port 37805 ssh2
May 12 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: Connection closed by 117.40.119.252 port 37805 [preauth]
May 12 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Failed password for root from 117.40.119.252 port 41926 ssh2
May 12 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Connection closed by 117.40.119.252 port 41926 [preauth]
May 12 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for root from 117.40.119.252 port 43318 ssh2
May 12 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 117.40.119.252 port 43318 [preauth]
May 12 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session closed for user root
May 12 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Failed password for root from 117.40.119.252 port 47750 ssh2
May 12 11:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Connection closed by 117.40.119.252 port 47750 [preauth]
May 12 11:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29279]: Failed password for root from 117.40.119.252 port 49272 ssh2
May 12 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29279]: Connection closed by 117.40.119.252 port 49272 [preauth]
May 12 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: Connection closed by 172.236.228.227 port 64236 [preauth]
May 12 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: Connection closed by 172.236.228.227 port 64250 [preauth]
May 12 11:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: fatal: Unable to negotiate with 172.236.228.227 port 64258: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May 12 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Failed password for root from 117.40.119.252 port 50803 ssh2
May 12 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Connection closed by 117.40.119.252 port 50803 [preauth]
May 12 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Failed password for root from 117.40.119.252 port 52654 ssh2
May 12 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Connection closed by 117.40.119.252 port 52654 [preauth]
May 12 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Failed password for root from 117.40.119.252 port 55789 ssh2
May 12 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Connection closed by 117.40.119.252 port 55789 [preauth]
May 12 11:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Failed password for root from 117.40.119.252 port 57300 ssh2
May 12 11:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Connection closed by 117.40.119.252 port 57300 [preauth]
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session closed for user p13x
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: Successful su for rubyman by root
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: + ??? root:rubyman
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378558 of user rubyman.
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: pam_unix(su:session): session closed for user rubyman
May 12 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378558.
May 12 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user root
May 12 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29347]: pam_unix(cron:session): session closed for user samftp
May 12 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Failed password for root from 117.40.119.252 port 60437 ssh2
May 12 11:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Connection closed by 117.40.119.252 port 60437 [preauth]
May 12 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: Failed password for root from 117.40.119.252 port 35534 ssh2
May 12 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: Connection closed by 117.40.119.252 port 35534 [preauth]
May 12 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Failed password for root from 117.40.119.252 port 37681 ssh2
May 12 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Invalid user pascal from 156.251.24.166
May 12 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: input_userauth_request: invalid user pascal [preauth]
May 12 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Connection closed by 117.40.119.252 port 37681 [preauth]
May 12 11:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Failed password for invalid user pascal from 156.251.24.166 port 39456 ssh2
May 12 11:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Received disconnect from 156.251.24.166 port 39456:11: Bye Bye [preauth]
May 12 11:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Disconnected from 156.251.24.166 port 39456 [preauth]
May 12 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Failed password for root from 117.40.119.252 port 39111 ssh2
May 12 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Connection closed by 117.40.119.252 port 39111 [preauth]
May 12 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: Failed password for root from 117.40.119.252 port 42180 ssh2
May 12 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: Connection closed by 117.40.119.252 port 42180 [preauth]
May 12 11:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Failed password for root from 117.40.119.252 port 43828 ssh2
May 12 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Connection closed by 117.40.119.252 port 43828 [preauth]
May 12 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Failed password for root from 117.40.119.252 port 46999 ssh2
May 12 11:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Connection closed by 117.40.119.252 port 46999 [preauth]
May 12 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user root
May 12 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Failed password for root from 117.40.119.252 port 48598 ssh2
May 12 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Connection closed by 117.40.119.252 port 48598 [preauth]
May 12 11:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Failed password for root from 117.40.119.252 port 52716 ssh2
May 12 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Connection closed by 117.40.119.252 port 52716 [preauth]
May 12 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Failed password for root from 117.40.119.252 port 57228 ssh2
May 12 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Connection closed by 117.40.119.252 port 57228 [preauth]
May 12 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29779]: Failed password for root from 117.40.119.252 port 60632 ssh2
May 12 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29779]: Connection closed by 117.40.119.252 port 60632 [preauth]
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user p13x
May 12 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: Successful su for rubyman by root
May 12 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: + ??? root:rubyman
May 12 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378562 of user rubyman.
May 12 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: pam_unix(su:session): session closed for user rubyman
May 12 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378562.
May 12 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for root from 117.40.119.252 port 34564 ssh2
May 12 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 117.40.119.252 port 34564 [preauth]
May 12 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session closed for user root
May 12 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29793]: pam_unix(cron:session): session closed for user samftp
May 12 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: Failed password for root from 117.40.119.252 port 36163 ssh2
May 12 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: Connection closed by 117.40.119.252 port 36163 [preauth]
May 12 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Failed password for root from 117.40.119.252 port 38378 ssh2
May 12 11:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Connection closed by 117.40.119.252 port 38378 [preauth]
May 12 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Failed password for root from 117.40.119.252 port 39824 ssh2
May 12 11:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Connection closed by 117.40.119.252 port 39824 [preauth]
May 12 11:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30074]: Failed password for root from 117.40.119.252 port 41909 ssh2
May 12 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30074]: Connection closed by 117.40.119.252 port 41909 [preauth]
May 12 11:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30085]: Failed password for root from 117.40.119.252 port 43614 ssh2
May 12 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30085]: Connection closed by 117.40.119.252 port 43614 [preauth]
May 12 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Failed password for root from 117.40.119.252 port 46643 ssh2
May 12 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Connection closed by 117.40.119.252 port 46643 [preauth]
May 12 11:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session closed for user root
May 12 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Failed password for root from 117.40.119.252 port 49680 ssh2
May 12 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Connection closed by 117.40.119.252 port 49680 [preauth]
May 12 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Failed password for root from 117.40.119.252 port 51430 ssh2
May 12 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Connection closed by 117.40.119.252 port 51430 [preauth]
May 12 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: Failed password for root from 117.40.119.252 port 52957 ssh2
May 12 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: Connection closed by 117.40.119.252 port 52957 [preauth]
May 12 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Failed password for root from 117.40.119.252 port 54447 ssh2
May 12 11:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Connection closed by 117.40.119.252 port 54447 [preauth]
May 12 11:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: Failed password for root from 117.40.119.252 port 56187 ssh2
May 12 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: Connection closed by 117.40.119.252 port 56187 [preauth]
May 12 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Failed password for root from 117.40.119.252 port 58511 ssh2
May 12 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Connection closed by 117.40.119.252 port 58511 [preauth]
May 12 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Failed password for root from 117.40.119.252 port 60366 ssh2
May 12 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Connection closed by 117.40.119.252 port 60366 [preauth]
May 12 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Failed password for root from 117.40.119.252 port 33745 ssh2
May 12 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Connection closed by 117.40.119.252 port 33745 [preauth]
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session closed for user p13x
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30283]: Successful su for rubyman by root
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30283]: + ??? root:rubyman
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378566 of user rubyman.
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30283]: pam_unix(su:session): session closed for user rubyman
May 12 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378566.
May 12 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
May 12 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user samftp
May 12 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Failed password for root from 117.40.119.252 port 37535 ssh2
May 12 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Connection closed by 117.40.119.252 port 37535 [preauth]
May 12 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Invalid user developer from 103.41.98.68
May 12 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: input_userauth_request: invalid user developer [preauth]
May 12 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Failed password for invalid user developer from 103.41.98.68 port 53372 ssh2
May 12 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Received disconnect from 103.41.98.68 port 53372:11: Bye Bye [preauth]
May 12 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Disconnected from 103.41.98.68 port 53372 [preauth]
May 12 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30479]: Failed password for root from 117.40.119.252 port 39281 ssh2
May 12 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30479]: Connection closed by 117.40.119.252 port 39281 [preauth]
May 12 11:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Failed password for root from 117.40.119.252 port 42291 ssh2
May 12 11:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Connection closed by 117.40.119.252 port 42291 [preauth]
May 12 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: Failed password for root from 117.40.119.252 port 44089 ssh2
May 12 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: Connection closed by 117.40.119.252 port 44089 [preauth]
May 12 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May 12 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Failed password for root from 218.92.0.208 port 5698 ssh2
May 12 11:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Failed password for root from 117.40.119.252 port 47035 ssh2
May 12 11:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Connection closed by 117.40.119.252 port 47035 [preauth]
May 12 11:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Failed password for root from 218.92.0.208 port 5698 ssh2
May 12 11:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Failed password for root from 218.92.0.208 port 5698 ssh2
May 12 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29350]: pam_unix(cron:session): session closed for user root
May 12 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Failed password for root from 218.92.0.208 port 5698 ssh2
May 12 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Failed password for root from 117.40.119.252 port 51333 ssh2
May 12 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Connection closed by 117.40.119.252 port 51333 [preauth]
May 12 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Failed password for root from 218.92.0.208 port 5698 ssh2
May 12 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: error: maximum authentication attempts exceeded for root from 218.92.0.208 port 5698 ssh2 [preauth]
May 12 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Disconnecting: Too many authentication failures [preauth]
May 12 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May 12 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Failed password for root from 117.40.119.252 port 54561 ssh2
May 12 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Connection closed by 117.40.119.252 port 54561 [preauth]
May 12 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Failed password for root from 117.40.119.252 port 55928 ssh2
May 12 11:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Connection closed by 117.40.119.252 port 55928 [preauth]
May 12 11:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for root from 117.40.119.252 port 60703 ssh2
May 12 11:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Connection closed by 117.40.119.252 port 60703 [preauth]
May 12 11:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Failed password for root from 117.40.119.252 port 34067 ssh2
May 12 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Connection closed by 117.40.119.252 port 34067 [preauth]
May 12 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Invalid user admin from 80.94.95.112
May 12 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: input_userauth_request: invalid user admin [preauth]
May 12 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 11:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: Failed password for root from 117.40.119.252 port 35924 ssh2
May 12 11:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: Connection closed by 117.40.119.252 port 35924 [preauth]
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user admin from 80.94.95.112 port 59370 ssh2
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30656]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30656]: pam_unix(cron:session): session closed for user root
May 12 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session closed for user p13x
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30722]: Successful su for rubyman by root
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30722]: + ??? root:rubyman
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378572 of user rubyman.
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30722]: pam_unix(su:session): session closed for user rubyman
May 12 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378572.
May 12 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Failed password for root from 117.40.119.252 port 37732 ssh2
May 12 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user admin from 80.94.95.112 port 59370 ssh2
May 12 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Connection closed by 117.40.119.252 port 37732 [preauth]
May 12 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session closed for user root
May 12 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session closed for user root
May 12 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user admin from 80.94.95.112 port 59370 ssh2
May 12 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session closed for user samftp
May 12 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: Failed password for root from 117.40.119.252 port 39551 ssh2
May 12 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: Connection closed by 117.40.119.252 port 39551 [preauth]
May 12 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user admin from 80.94.95.112 port 59370 ssh2
May 12 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user admin from 80.94.95.112 port 59370 ssh2
May 12 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Received disconnect from 80.94.95.112 port 59370:11: Bye [preauth]
May 12 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Disconnected from 80.94.95.112 port 59370 [preauth]
May 12 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30949]: Failed password for root from 117.40.119.252 port 41765 ssh2
May 12 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30949]: Connection closed by 117.40.119.252 port 41765 [preauth]
May 12 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Failed password for root from 117.40.119.252 port 43206 ssh2
May 12 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Connection closed by 117.40.119.252 port 43206 [preauth]
May 12 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Failed password for root from 117.40.119.252 port 46328 ssh2
May 12 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Connection closed by 117.40.119.252 port 46328 [preauth]
May 12 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Failed password for root from 117.40.119.252 port 47951 ssh2
May 12 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Connection closed by 117.40.119.252 port 47951 [preauth]
May 12 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Failed password for root from 117.40.119.252 port 49730 ssh2
May 12 11:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Connection closed by 117.40.119.252 port 49730 [preauth]
May 12 11:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for root from 117.40.119.252 port 51364 ssh2
May 12 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Connection closed by 117.40.119.252 port 51364 [preauth]
May 12 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session closed for user root
May 12 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for root from 117.40.119.252 port 53171 ssh2
May 12 11:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Connection closed by 117.40.119.252 port 53171 [preauth]
May 12 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Failed password for root from 117.40.119.252 port 54831 ssh2
May 12 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Connection closed by 117.40.119.252 port 54831 [preauth]
May 12 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for root from 117.40.119.252 port 57014 ssh2
May 12 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Connection closed by 117.40.119.252 port 57014 [preauth]
May 12 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for root from 117.40.119.252 port 58657 ssh2
May 12 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Connection closed by 117.40.119.252 port 58657 [preauth]
May 12 11:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Failed password for root from 117.40.119.252 port 60401 ssh2
May 12 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Connection closed by 117.40.119.252 port 60401 [preauth]
May 12 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user p13x
May 12 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31272]: Successful su for rubyman by root
May 12 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31272]: + ??? root:rubyman
May 12 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378576 of user rubyman.
May 12 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31272]: pam_unix(su:session): session closed for user rubyman
May 12 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378576.
May 12 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28337]: pam_unix(cron:session): session closed for user root
May 12 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session closed for user samftp
May 12 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: Failed password for root from 117.40.119.252 port 42077 ssh2
May 12 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: Connection closed by 117.40.119.252 port 42077 [preauth]
May 12 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: Failed password for root from 117.40.119.252 port 43727 ssh2
May 12 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: Connection closed by 117.40.119.252 port 43727 [preauth]
May 12 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: Failed password for root from 117.40.119.252 port 45353 ssh2
May 12 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: Connection closed by 117.40.119.252 port 45353 [preauth]
May 12 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Failed password for root from 117.40.119.252 port 47580 ssh2
May 12 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Connection closed by 117.40.119.252 port 47580 [preauth]
May 12 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Failed password for root from 117.40.119.252 port 49121 ssh2
May 12 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Connection closed by 117.40.119.252 port 49121 [preauth]
May 12 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Failed password for root from 117.40.119.252 port 51282 ssh2
May 12 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Connection closed by 117.40.119.252 port 51282 [preauth]
May 12 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: Failed password for root from 117.40.119.252 port 52803 ssh2
May 12 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: Connection closed by 117.40.119.252 port 52803 [preauth]
May 12 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30227]: pam_unix(cron:session): session closed for user root
May 12 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Failed password for root from 117.40.119.252 port 55878 ssh2
May 12 11:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Connection closed by 117.40.119.252 port 55878 [preauth]
May 12 11:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: Failed password for root from 117.40.119.252 port 33347 ssh2
May 12 11:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: Connection closed by 117.40.119.252 port 33347 [preauth]
May 12 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: Failed password for root from 117.40.119.252 port 34595 ssh2
May 12 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: Connection closed by 117.40.119.252 port 34595 [preauth]
May 12 11:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Failed password for root from 117.40.119.252 port 38081 ssh2
May 12 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Connection closed by 117.40.119.252 port 38081 [preauth]
May 12 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Failed password for root from 117.40.119.252 port 40382 ssh2
May 12 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Connection closed by 117.40.119.252 port 40382 [preauth]
May 12 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31657]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31653]: pam_unix(cron:session): session closed for user root
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31655]: pam_unix(cron:session): session closed for user p13x
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: Successful su for rubyman by root
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: + ??? root:rubyman
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378581 of user rubyman.
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: pam_unix(su:session): session closed for user rubyman
May 12 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378581.
May 12 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Failed password for root from 117.40.119.252 port 42186 ssh2
May 12 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Connection closed by 117.40.119.252 port 42186 [preauth]
May 12 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user root
May 12 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session closed for user samftp
May 12 11:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: Failed password for root from 117.40.119.252 port 46327 ssh2
May 12 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: Connection closed by 117.40.119.252 port 46327 [preauth]
May 12 11:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Failed password for root from 117.40.119.252 port 47953 ssh2
May 12 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Connection closed by 117.40.119.252 port 47953 [preauth]
May 12 11:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: Failed password for root from 117.40.119.252 port 50280 ssh2
May 12 11:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: Connection closed by 117.40.119.252 port 50280 [preauth]
May 12 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for root from 117.40.119.252 port 56048 ssh2
May 12 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Connection closed by 117.40.119.252 port 56048 [preauth]
May 12 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Failed password for root from 117.40.119.252 port 57753 ssh2
May 12 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Connection closed by 117.40.119.252 port 57753 [preauth]
May 12 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session closed for user root
May 12 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Failed password for root from 117.40.119.252 port 59176 ssh2
May 12 11:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Connection closed by 117.40.119.252 port 59176 [preauth]
May 12 11:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Failed password for root from 117.40.119.252 port 34166 ssh2
May 12 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Connection closed by 117.40.119.252 port 34166 [preauth]
May 12 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: Failed password for root from 117.40.119.252 port 40118 ssh2
May 12 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: Connection closed by 117.40.119.252 port 40118 [preauth]
May 12 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Failed password for root from 117.40.119.252 port 43273 ssh2
May 12 11:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Connection closed by 117.40.119.252 port 43273 [preauth]
May 12 11:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: Failed password for root from 117.40.119.252 port 44579 ssh2
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: Connection closed by 117.40.119.252 port 44579 [preauth]
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session closed for user p13x
May 12 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: Successful su for rubyman by root
May 12 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: + ??? root:rubyman
May 12 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378586 of user rubyman.
May 12 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: pam_unix(su:session): session closed for user rubyman
May 12 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378586.
May 12 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session closed for user root
May 12 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session closed for user samftp
May 12 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: Failed password for root from 117.40.119.252 port 48731 ssh2
May 12 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: Connection closed by 117.40.119.252 port 48731 [preauth]
May 12 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Failed password for root from 117.40.119.252 port 50549 ssh2
May 12 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Connection closed by 117.40.119.252 port 50549 [preauth]
May 12 11:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Failed password for root from 117.40.119.252 port 55262 ssh2
May 12 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Connection closed by 117.40.119.252 port 55262 [preauth]
May 12 11:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: Failed password for root from 117.40.119.252 port 56614 ssh2
May 12 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: Connection closed by 117.40.119.252 port 56614 [preauth]
May 12 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Failed password for root from 117.40.119.252 port 58728 ssh2
May 12 11:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Connection closed by 117.40.119.252 port 58728 [preauth]
May 12 11:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Failed password for root from 117.40.119.252 port 60209 ssh2
May 12 11:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Connection closed by 117.40.119.252 port 60209 [preauth]
May 12 11:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: Failed password for root from 117.40.119.252 port 33428 ssh2
May 12 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: Connection closed by 117.40.119.252 port 33428 [preauth]
May 12 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session closed for user root
May 12 11:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Failed password for root from 117.40.119.252 port 34784 ssh2
May 12 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Connection closed by 117.40.119.252 port 34784 [preauth]
May 12 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: Failed password for root from 117.40.119.252 port 36906 ssh2
May 12 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: Connection closed by 117.40.119.252 port 36906 [preauth]
May 12 11:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Failed password for root from 117.40.119.252 port 43471 ssh2
May 12 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Connection closed by 117.40.119.252 port 43471 [preauth]
May 12 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Failed password for root from 117.40.119.252 port 44911 ssh2
May 12 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Connection closed by 117.40.119.252 port 44911 [preauth]
May 12 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[548]: Failed password for root from 117.40.119.252 port 46582 ssh2
May 12 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[548]: Connection closed by 117.40.119.252 port 46582 [preauth]
May 12 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[564]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[565]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[561]: pam_unix(cron:session): session closed for user p13x
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: Successful su for rubyman by root
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: + ??? root:rubyman
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378589 of user rubyman.
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: pam_unix(su:session): session closed for user rubyman
May 12 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378589.
May 12 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Failed password for root from 117.40.119.252 port 48271 ssh2
May 12 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Connection closed by 117.40.119.252 port 48271 [preauth]
May 12 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session closed for user root
May 12 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for root from 117.40.119.252 port 49620 ssh2
May 12 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 117.40.119.252 port 49620 [preauth]
May 12 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[563]: pam_unix(cron:session): session closed for user samftp
May 12 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Failed password for root from 117.40.119.252 port 51187 ssh2
May 12 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Connection closed by 117.40.119.252 port 51187 [preauth]
May 12 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Failed password for root from 117.40.119.252 port 54033 ssh2
May 12 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Connection closed by 117.40.119.252 port 54033 [preauth]
May 12 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Failed password for root from 117.40.119.252 port 55563 ssh2
May 12 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Connection closed by 117.40.119.252 port 55563 [preauth]
May 12 11:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: Invalid user user1 from 103.41.98.68
May 12 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: input_userauth_request: invalid user user1 [preauth]
May 12 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 11:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: Failed password for invalid user user1 from 103.41.98.68 port 46206 ssh2
May 12 11:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: Received disconnect from 103.41.98.68 port 46206:11: Bye Bye [preauth]
May 12 11:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: Disconnected from 103.41.98.68 port 46206 [preauth]
May 12 11:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: Failed password for root from 117.40.119.252 port 34210 ssh2
May 12 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: Connection closed by 117.40.119.252 port 34210 [preauth]
May 12 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session closed for user root
May 12 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for root from 117.40.119.252 port 35795 ssh2
May 12 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Connection closed by 117.40.119.252 port 35795 [preauth]
May 12 11:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: Failed password for root from 117.40.119.252 port 42778 ssh2
May 12 11:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: Connection closed by 117.40.119.252 port 42778 [preauth]
May 12 11:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: Failed password for root from 117.40.119.252 port 44397 ssh2
May 12 11:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: Connection closed by 117.40.119.252 port 44397 [preauth]
May 12 11:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Failed password for root from 117.40.119.252 port 45917 ssh2
May 12 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Connection closed by 117.40.119.252 port 45917 [preauth]
May 12 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: Failed password for root from 117.40.119.252 port 47734 ssh2
May 12 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: Connection closed by 117.40.119.252 port 47734 [preauth]
May 12 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Failed password for root from 117.40.119.252 port 49340 ssh2
May 12 11:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Connection closed by 117.40.119.252 port 49340 [preauth]
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session closed for user root
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session closed for user p13x
May 12 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1139]: Successful su for rubyman by root
May 12 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1139]: + ??? root:rubyman
May 12 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378595 of user rubyman.
May 12 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1139]: pam_unix(su:session): session closed for user rubyman
May 12 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378595.
May 12 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session closed for user root
May 12 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session closed for user root
May 12 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session closed for user samftp
May 12 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for root from 218.92.0.233 port 55834 ssh2
May 12 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Failed password for root from 117.40.119.252 port 53508 ssh2
May 12 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Connection closed by 117.40.119.252 port 53508 [preauth]
May 12 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for root from 218.92.0.233 port 55834 ssh2
May 12 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: Failed password for root from 117.40.119.252 port 54953 ssh2
May 12 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: Connection closed by 117.40.119.252 port 54953 [preauth]
May 12 11:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for root from 218.92.0.233 port 55834 ssh2
May 12 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Received disconnect from 218.92.0.233 port 55834:11:  [preauth]
May 12 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Disconnected from 218.92.0.233 port 55834 [preauth]
May 12 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 11:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: Failed password for root from 117.40.119.252 port 56683 ssh2
May 12 11:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: Connection closed by 117.40.119.252 port 56683 [preauth]
May 12 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Failed password for root from 218.92.0.233 port 43378 ssh2
May 12 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Failed password for root from 218.92.0.233 port 43378 ssh2
May 12 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Failed password for root from 117.40.119.252 port 58437 ssh2
May 12 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Connection closed by 117.40.119.252 port 58437 [preauth]
May 12 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Failed password for root from 218.92.0.179 port 36875 ssh2
May 12 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Failed password for root from 218.92.0.233 port 43378 ssh2
May 12 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Received disconnect from 218.92.0.233 port 43378:11:  [preauth]
May 12 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Disconnected from 218.92.0.233 port 43378 [preauth]
May 12 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Failed password for root from 218.92.0.179 port 36875 ssh2
May 12 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1468]: Failed password for root from 117.40.119.252 port 60407 ssh2
May 12 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1468]: Connection closed by 117.40.119.252 port 60407 [preauth]
May 12 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for root from 218.92.0.233 port 33514 ssh2
May 12 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Failed password for root from 218.92.0.179 port 36875 ssh2
May 12 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Received disconnect from 218.92.0.179 port 36875:11:  [preauth]
May 12 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Disconnected from 218.92.0.179 port 36875 [preauth]
May 12 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for root from 218.92.0.233 port 33514 ssh2
May 12 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for root from 218.92.0.233 port 33514 ssh2
May 12 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Received disconnect from 218.92.0.233 port 33514:11:  [preauth]
May 12 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Disconnected from 218.92.0.233 port 33514 [preauth]
May 12 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Failed password for root from 117.40.119.252 port 36131 ssh2
May 12 11:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Connection closed by 117.40.119.252 port 36131 [preauth]
May 12 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session closed for user root
May 12 11:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May 12 11:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1512]: Failed password for root from 117.40.119.252 port 37854 ssh2
May 12 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1512]: Connection closed by 117.40.119.252 port 37854 [preauth]
May 12 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Failed password for root from 218.92.0.226 port 48374 ssh2
May 12 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Failed password for root from 218.92.0.226 port 48374 ssh2
May 12 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Failed password for root from 117.40.119.252 port 40568 ssh2
May 12 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Connection closed by 117.40.119.252 port 40568 [preauth]
May 12 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Failed password for root from 218.92.0.226 port 48374 ssh2
May 12 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Received disconnect from 218.92.0.226 port 48374:11:  [preauth]
May 12 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Disconnected from 218.92.0.226 port 48374 [preauth]
May 12 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May 12 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1556]: Failed password for root from 117.40.119.252 port 42612 ssh2
May 12 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1556]: Connection closed by 117.40.119.252 port 42612 [preauth]
May 12 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: Failed password for root from 117.40.119.252 port 43946 ssh2
May 12 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: Connection closed by 117.40.119.252 port 43946 [preauth]
May 12 11:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Failed password for root from 117.40.119.252 port 46172 ssh2
May 12 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Connection closed by 117.40.119.252 port 46172 [preauth]
May 12 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Failed password for root from 117.40.119.252 port 48267 ssh2
May 12 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Connection closed by 117.40.119.252 port 48267 [preauth]
May 12 11:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1611]: Failed password for root from 117.40.119.252 port 50056 ssh2
May 12 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1611]: Connection closed by 117.40.119.252 port 50056 [preauth]
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1628]: pam_unix(cron:session): session closed for user p13x
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: Successful su for rubyman by root
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: + ??? root:rubyman
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378601 of user rubyman.
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: pam_unix(su:session): session closed for user rubyman
May 12 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378601.
May 12 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user root
May 12 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session closed for user samftp
May 12 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Failed password for root from 117.40.119.252 port 54933 ssh2
May 12 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Connection closed by 117.40.119.252 port 54933 [preauth]
May 12 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: Failed password for root from 117.40.119.252 port 57205 ssh2
May 12 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: Connection closed by 117.40.119.252 port 57205 [preauth]
May 12 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Failed password for root from 117.40.119.252 port 58771 ssh2
May 12 11:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Connection closed by 117.40.119.252 port 58771 [preauth]
May 12 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Failed password for root from 117.40.119.252 port 34684 ssh2
May 12 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Connection closed by 117.40.119.252 port 34684 [preauth]
May 12 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: Failed password for root from 117.40.119.252 port 36291 ssh2
May 12 11:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: Connection closed by 117.40.119.252 port 36291 [preauth]
May 12 11:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[565]: pam_unix(cron:session): session closed for user root
May 12 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Failed password for root from 117.40.119.252 port 40483 ssh2
May 12 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Connection closed by 117.40.119.252 port 40483 [preauth]
May 12 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: Invalid user seedbox from 156.251.24.166
May 12 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: input_userauth_request: invalid user seedbox [preauth]
May 12 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Failed password for root from 117.40.119.252 port 41922 ssh2
May 12 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Connection closed by 117.40.119.252 port 41922 [preauth]
May 12 11:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: Failed password for invalid user seedbox from 156.251.24.166 port 36842 ssh2
May 12 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: Received disconnect from 156.251.24.166 port 36842:11: Bye Bye [preauth]
May 12 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2118]: Disconnected from 156.251.24.166 port 36842 [preauth]
May 12 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Failed password for root from 117.40.119.252 port 43499 ssh2
May 12 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Connection closed by 117.40.119.252 port 43499 [preauth]
May 12 11:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Failed password for root from 117.40.119.252 port 45532 ssh2
May 12 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Connection closed by 117.40.119.252 port 45532 [preauth]
May 12 11:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Failed password for root from 117.40.119.252 port 47597 ssh2
May 12 11:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Connection closed by 117.40.119.252 port 47597 [preauth]
May 12 11:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Failed password for root from 117.40.119.252 port 49527 ssh2
May 12 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Connection closed by 117.40.119.252 port 49527 [preauth]
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2182]: pam_unix(cron:session): session closed for user p13x
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: Successful su for rubyman by root
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: + ??? root:rubyman
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378605 of user rubyman.
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: pam_unix(su:session): session closed for user rubyman
May 12 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378605.
May 12 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Failed password for root from 117.40.119.252 port 56035 ssh2
May 12 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session closed for user root
May 12 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Connection closed by 117.40.119.252 port 56035 [preauth]
May 12 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2183]: pam_unix(cron:session): session closed for user samftp
May 12 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Failed password for root from 117.40.119.252 port 60023 ssh2
May 12 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Connection closed by 117.40.119.252 port 60023 [preauth]
May 12 11:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: Failed password for root from 117.40.119.252 port 33175 ssh2
May 12 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: Connection closed by 117.40.119.252 port 33175 [preauth]
May 12 11:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for root from 117.40.119.252 port 34768 ssh2
May 12 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Connection closed by 117.40.119.252 port 34768 [preauth]
May 12 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Failed password for root from 117.40.119.252 port 36756 ssh2
May 12 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Connection closed by 117.40.119.252 port 36756 [preauth]
May 12 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: Failed password for root from 117.40.119.252 port 38939 ssh2
May 12 11:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: Connection closed by 117.40.119.252 port 38939 [preauth]
May 12 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for root from 117.40.119.252 port 40511 ssh2
May 12 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Connection closed by 117.40.119.252 port 40511 [preauth]
May 12 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Failed password for root from 117.40.119.252 port 42666 ssh2
May 12 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session closed for user root
May 12 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Connection closed by 117.40.119.252 port 42666 [preauth]
May 12 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2574]: Failed password for root from 117.40.119.252 port 44431 ssh2
May 12 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2574]: Connection closed by 117.40.119.252 port 44431 [preauth]
May 12 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Failed password for root from 117.40.119.252 port 45955 ssh2
May 12 11:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Connection closed by 117.40.119.252 port 45955 [preauth]
May 12 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Failed password for root from 117.40.119.252 port 47489 ssh2
May 12 11:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Connection closed by 117.40.119.252 port 47489 [preauth]
May 12 11:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Failed password for root from 117.40.119.252 port 54603 ssh2
May 12 11:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Connection closed by 117.40.119.252 port 54603 [preauth]
May 12 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Failed password for root from 117.40.119.252 port 56406 ssh2
May 12 11:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Connection closed by 117.40.119.252 port 56406 [preauth]
May 12 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2656]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2655]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session closed for user p13x
May 12 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: Successful su for rubyman by root
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: + ??? root:rubyman
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378608 of user rubyman.
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: pam_unix(su:session): session closed for user rubyman
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378608.
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31657]: pam_unix(cron:session): session closed for user root
May 12 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Failed password for root from 117.40.119.252 port 58181 ssh2
May 12 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Connection closed by 117.40.119.252 port 58181 [preauth]
May 12 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2653]: pam_unix(cron:session): session closed for user samftp
May 12 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Failed password for root from 117.40.119.252 port 60334 ssh2
May 12 11:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Connection closed by 117.40.119.252 port 60334 [preauth]
May 12 11:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Failed password for root from 117.40.119.252 port 35214 ssh2
May 12 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Connection closed by 117.40.119.252 port 35214 [preauth]
May 12 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Invalid user abc from 193.32.162.157
May 12 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: input_userauth_request: invalid user abc [preauth]
May 12 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 11:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for invalid user abc from 193.32.162.157 port 26338 ssh2
May 12 11:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Connection closed by 193.32.162.157 port 26338 [preauth]
May 12 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Failed password for root from 117.40.119.252 port 39024 ssh2
May 12 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Connection closed by 117.40.119.252 port 39024 [preauth]
May 12 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for root from 117.40.119.252 port 40588 ssh2
May 12 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Connection closed by 117.40.119.252 port 40588 [preauth]
May 12 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Failed password for root from 117.40.119.252 port 42262 ssh2
May 12 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Connection closed by 117.40.119.252 port 42262 [preauth]
May 12 11:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: Invalid user adm from 193.32.162.157
May 12 11:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: input_userauth_request: invalid user adm [preauth]
May 12 11:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: Failed password for invalid user adm from 193.32.162.157 port 14610 ssh2
May 12 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1631]: pam_unix(cron:session): session closed for user root
May 12 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: Connection closed by 193.32.162.157 port 14610 [preauth]
May 12 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Failed password for root from 117.40.119.252 port 48736 ssh2
May 12 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Connection closed by 117.40.119.252 port 48736 [preauth]
May 12 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3052]: Failed password for root from 117.40.119.252 port 50427 ssh2
May 12 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3052]: Connection closed by 117.40.119.252 port 50427 [preauth]
May 12 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Invalid user git from 193.32.162.157
May 12 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: input_userauth_request: invalid user git [preauth]
May 12 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 11:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Failed password for invalid user git from 193.32.162.157 port 31650 ssh2
May 12 11:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Failed password for root from 117.40.119.252 port 52226 ssh2
May 12 11:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Connection closed by 117.40.119.252 port 52226 [preauth]
May 12 11:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Connection closed by 193.32.162.157 port 31650 [preauth]
May 12 11:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Failed password for root from 117.40.119.252 port 56849 ssh2
May 12 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Connection closed by 117.40.119.252 port 56849 [preauth]
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session closed for user p13x
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Invalid user bbbb from 193.32.162.157
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: input_userauth_request: invalid user bbbb [preauth]
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3175]: Successful su for rubyman by root
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3175]: + ??? root:rubyman
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378611 of user rubyman.
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3175]: pam_unix(su:session): session closed for user rubyman
May 12 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378611.
May 12 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Failed password for invalid user bbbb from 193.32.162.157 port 4598 ssh2
May 12 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Failed password for root from 80.94.95.125 port 23997 ssh2
May 12 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Received disconnect from 80.94.95.125 port 23997:11: Bye [preauth]
May 12 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Disconnected from 80.94.95.125 port 23997 [preauth]
May 12 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32411]: pam_unix(cron:session): session closed for user root
May 12 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session closed for user samftp
May 12 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Failed password for root from 117.40.119.252 port 33253 ssh2
May 12 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Connection closed by 117.40.119.252 port 33253 [preauth]
May 12 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Connection closed by 193.32.162.157 port 4598 [preauth]
May 12 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Failed password for root from 117.40.119.252 port 35372 ssh2
May 12 11:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Connection closed by 117.40.119.252 port 35372 [preauth]
May 12 11:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: Failed password for root from 117.40.119.252 port 38522 ssh2
May 12 11:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: Connection closed by 117.40.119.252 port 38522 [preauth]
May 12 11:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Invalid user adm from 193.32.162.157
May 12 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: input_userauth_request: invalid user adm [preauth]
May 12 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for invalid user adm from 193.32.162.157 port 18840 ssh2
May 12 11:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Failed password for root from 117.40.119.252 port 41840 ssh2
May 12 11:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Connection closed by 117.40.119.252 port 41840 [preauth]
May 12 11:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Connection closed by 193.32.162.157 port 18840 [preauth]
May 12 11:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3436]: Failed password for root from 117.40.119.252 port 43487 ssh2
May 12 11:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3436]: Connection closed by 117.40.119.252 port 43487 [preauth]
May 12 11:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: Failed password for root from 117.40.119.252 port 47537 ssh2
May 12 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: Connection closed by 117.40.119.252 port 47537 [preauth]
May 12 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session closed for user root
May 12 11:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Invalid user epro from 103.41.98.68
May 12 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: input_userauth_request: invalid user epro [preauth]
May 12 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Failed password for root from 117.40.119.252 port 48802 ssh2
May 12 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Connection closed by 117.40.119.252 port 48802 [preauth]
May 12 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Failed password for invalid user epro from 103.41.98.68 port 39812 ssh2
May 12 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Received disconnect from 103.41.98.68 port 39812:11: Bye Bye [preauth]
May 12 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Disconnected from 103.41.98.68 port 39812 [preauth]
May 12 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Failed password for root from 117.40.119.252 port 52359 ssh2
May 12 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Connection closed by 117.40.119.252 port 52359 [preauth]
May 12 11:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: Failed password for root from 117.40.119.252 port 59612 ssh2
May 12 11:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: Connection closed by 117.40.119.252 port 59612 [preauth]
May 12 11:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3598]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3599]: pam_unix(cron:session): session closed for user root
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session closed for user p13x
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: Successful su for rubyman by root
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: + ??? root:rubyman
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378616 of user rubyman.
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: pam_unix(su:session): session closed for user rubyman
May 12 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378616.
May 12 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Failed password for root from 117.40.119.252 port 32879 ssh2
May 12 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Connection closed by 117.40.119.252 port 32879 [preauth]
May 12 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[564]: pam_unix(cron:session): session closed for user root
May 12 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session closed for user root
May 12 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3684]: Failed password for root from 117.40.119.252 port 36106 ssh2
May 12 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3684]: Connection closed by 117.40.119.252 port 36106 [preauth]
May 12 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session closed for user samftp
May 12 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Failed password for root from 117.40.119.252 port 37685 ssh2
May 12 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Connection closed by 117.40.119.252 port 37685 [preauth]
May 12 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3870]: Failed password for root from 117.40.119.252 port 39093 ssh2
May 12 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3870]: Connection closed by 117.40.119.252 port 39093 [preauth]
May 12 11:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Failed password for root from 117.40.119.252 port 41183 ssh2
May 12 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Connection closed by 117.40.119.252 port 41183 [preauth]
May 12 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: Failed password for root from 117.40.119.252 port 44542 ssh2
May 12 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: Connection closed by 117.40.119.252 port 44542 [preauth]
May 12 11:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Failed password for root from 117.40.119.252 port 46105 ssh2
May 12 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Connection closed by 117.40.119.252 port 46105 [preauth]
May 12 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Failed password for root from 117.40.119.252 port 47603 ssh2
May 12 11:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Connection closed by 117.40.119.252 port 47603 [preauth]
May 12 11:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Failed password for root from 117.40.119.252 port 49355 ssh2
May 12 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Connection closed by 117.40.119.252 port 49355 [preauth]
May 12 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2656]: pam_unix(cron:session): session closed for user root
May 12 11:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Failed password for root from 117.40.119.252 port 50790 ssh2
May 12 11:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Connection closed by 117.40.119.252 port 50790 [preauth]
May 12 11:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 117.40.119.252 port 52538 ssh2
May 12 11:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Connection closed by 117.40.119.252 port 52538 [preauth]
May 12 11:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for root from 117.40.119.252 port 54073 ssh2
May 12 11:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Connection closed by 117.40.119.252 port 54073 [preauth]
May 12 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for root from 117.40.119.252 port 58172 ssh2
May 12 11:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Connection closed by 117.40.119.252 port 58172 [preauth]
May 12 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Failed password for root from 117.40.119.252 port 59693 ssh2
May 12 11:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Connection closed by 117.40.119.252 port 59693 [preauth]
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session closed for user p13x
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: Successful su for rubyman by root
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: + ??? root:rubyman
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378621 of user rubyman.
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: pam_unix(su:session): session closed for user rubyman
May 12 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378621.
May 12 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4082]: Failed password for root from 117.40.119.252 port 37537 ssh2
May 12 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4082]: Connection closed by 117.40.119.252 port 37537 [preauth]
May 12 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session closed for user root
May 12 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session closed for user samftp
May 12 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4440]: Failed password for root from 117.40.119.252 port 39088 ssh2
May 12 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4440]: Connection closed by 117.40.119.252 port 39088 [preauth]
May 12 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: Failed password for root from 117.40.119.252 port 40867 ssh2
May 12 11:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: Connection closed by 117.40.119.252 port 40867 [preauth]
May 12 11:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Failed password for root from 117.40.119.252 port 42572 ssh2
May 12 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Connection closed by 117.40.119.252 port 42572 [preauth]
May 12 11:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: Failed password for root from 117.40.119.252 port 43824 ssh2
May 12 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: Connection closed by 117.40.119.252 port 43824 [preauth]
May 12 11:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4552]: Failed password for root from 117.40.119.252 port 48312 ssh2
May 12 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4552]: Connection closed by 117.40.119.252 port 48312 [preauth]
May 12 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: Failed password for root from 117.40.119.252 port 49870 ssh2
May 12 11:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: Connection closed by 117.40.119.252 port 49870 [preauth]
May 12 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session closed for user root
May 12 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Failed password for root from 117.40.119.252 port 56614 ssh2
May 12 11:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Connection closed by 117.40.119.252 port 56614 [preauth]
May 12 11:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Failed password for root from 117.40.119.252 port 60638 ssh2
May 12 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Connection closed by 117.40.119.252 port 60638 [preauth]
May 12 11:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: Failed password for root from 117.40.119.252 port 34458 ssh2
May 12 11:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: Connection closed by 117.40.119.252 port 34458 [preauth]
May 12 11:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session closed for user p13x
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: Successful su for rubyman by root
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: + ??? root:rubyman
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378628 of user rubyman.
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: pam_unix(su:session): session closed for user rubyman
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378628.
May 12 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for root from 117.40.119.252 port 37347 ssh2
May 12 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Connection closed by 117.40.119.252 port 37347 [preauth]
May 12 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session closed for user root
May 12 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: Failed password for root from 117.40.119.252 port 39493 ssh2
May 12 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: Connection closed by 117.40.119.252 port 39493 [preauth]
May 12 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user samftp
May 12 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Failed password for root from 117.40.119.252 port 41152 ssh2
May 12 11:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Connection closed by 117.40.119.252 port 41152 [preauth]
May 12 11:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Failed password for root from 117.40.119.252 port 42526 ssh2
May 12 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Connection closed by 117.40.119.252 port 42526 [preauth]
May 12 11:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Failed password for root from 117.40.119.252 port 49299 ssh2
May 12 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Connection closed by 117.40.119.252 port 49299 [preauth]
May 12 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: Failed password for root from 117.40.119.252 port 50872 ssh2
May 12 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: Connection closed by 117.40.119.252 port 50872 [preauth]
May 12 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Failed password for root from 117.40.119.252 port 52472 ssh2
May 12 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Connection closed by 117.40.119.252 port 52472 [preauth]
May 12 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3598]: pam_unix(cron:session): session closed for user root
May 12 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Failed password for root from 117.40.119.252 port 53939 ssh2
May 12 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Connection closed by 117.40.119.252 port 53939 [preauth]
May 12 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Failed password for root from 117.40.119.252 port 55765 ssh2
May 12 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Connection closed by 117.40.119.252 port 55765 [preauth]
May 12 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: Failed password for root from 117.40.119.252 port 57192 ssh2
May 12 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: Connection closed by 117.40.119.252 port 57192 [preauth]
May 12 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Failed password for root from 117.40.119.252 port 58941 ssh2
May 12 11:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Connection closed by 117.40.119.252 port 58941 [preauth]
May 12 11:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Failed password for root from 117.40.119.252 port 60301 ssh2
May 12 11:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Connection closed by 117.40.119.252 port 60301 [preauth]
May 12 11:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Failed password for root from 117.40.119.252 port 33772 ssh2
May 12 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Connection closed by 117.40.119.252 port 33772 [preauth]
May 12 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: Failed password for root from 117.40.119.252 port 35239 ssh2
May 12 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: Connection closed by 117.40.119.252 port 35239 [preauth]
May 12 11:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5330]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5328]: pam_unix(cron:session): session closed for user p13x
May 12 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Failed password for root from 117.40.119.252 port 39615 ssh2
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5393]: Successful su for rubyman by root
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5393]: + ??? root:rubyman
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378631 of user rubyman.
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5393]: pam_unix(su:session): session closed for user rubyman
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Connection closed by 117.40.119.252 port 39615 [preauth]
May 12 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378631.
May 12 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session closed for user root
May 12 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for root from 117.40.119.252 port 41062 ssh2
May 12 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Connection closed by 117.40.119.252 port 41062 [preauth]
May 12 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5329]: pam_unix(cron:session): session closed for user samftp
May 12 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5627]: Failed password for root from 117.40.119.252 port 43053 ssh2
May 12 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5627]: Connection closed by 117.40.119.252 port 43053 [preauth]
May 12 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Failed password for root from 117.40.119.252 port 44756 ssh2
May 12 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Connection closed by 117.40.119.252 port 44756 [preauth]
May 12 11:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Failed password for root from 117.40.119.252 port 46497 ssh2
May 12 11:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Connection closed by 117.40.119.252 port 46497 [preauth]
May 12 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Failed password for root from 117.40.119.252 port 52123 ssh2
May 12 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Connection closed by 117.40.119.252 port 52123 [preauth]
May 12 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user root
May 12 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for root from 117.40.119.252 port 54170 ssh2
May 12 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection closed by 117.40.119.252 port 54170 [preauth]
May 12 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for root from 117.40.119.252 port 58193 ssh2
May 12 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Connection closed by 117.40.119.252 port 58193 [preauth]
May 12 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: Failed password for root from 117.40.119.252 port 59552 ssh2
May 12 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: Connection closed by 117.40.119.252 port 59552 [preauth]
May 12 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Invalid user bioinfo from 156.251.24.166
May 12 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: input_userauth_request: invalid user bioinfo [preauth]
May 12 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Failed password for invalid user bioinfo from 156.251.24.166 port 47852 ssh2
May 12 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Received disconnect from 156.251.24.166 port 47852:11: Bye Bye [preauth]
May 12 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Disconnected from 156.251.24.166 port 47852 [preauth]
May 12 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Failed password for root from 117.40.119.252 port 32795 ssh2
May 12 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Connection closed by 117.40.119.252 port 32795 [preauth]
May 12 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Failed password for root from 117.40.119.252 port 34904 ssh2
May 12 11:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Connection closed by 117.40.119.252 port 34904 [preauth]
May 12 11:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Failed password for root from 117.40.119.252 port 36242 ssh2
May 12 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Connection closed by 117.40.119.252 port 36242 [preauth]
May 12 11:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session closed for user p13x
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: Successful su for rubyman by root
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: + ??? root:rubyman
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378635 of user rubyman.
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: pam_unix(su:session): session closed for user rubyman
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378635.
May 12 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for root from 117.40.119.252 port 40848 ssh2
May 12 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Connection closed by 117.40.119.252 port 40848 [preauth]
May 12 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2655]: pam_unix(cron:session): session closed for user root
May 12 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Failed password for root from 117.40.119.252 port 42312 ssh2
May 12 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Connection closed by 117.40.119.252 port 42312 [preauth]
May 12 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5904]: pam_unix(cron:session): session closed for user samftp
May 12 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: Failed password for root from 117.40.119.252 port 44101 ssh2
May 12 11:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: Connection closed by 117.40.119.252 port 44101 [preauth]
May 12 11:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: Failed password for root from 117.40.119.252 port 45801 ssh2
May 12 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: Connection closed by 117.40.119.252 port 45801 [preauth]
May 12 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Failed password for root from 117.40.119.252 port 47259 ssh2
May 12 11:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Connection closed by 117.40.119.252 port 47259 [preauth]
May 12 11:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: Failed password for root from 117.40.119.252 port 48794 ssh2
May 12 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: Connection closed by 117.40.119.252 port 48794 [preauth]
May 12 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Failed password for root from 117.40.119.252 port 52711 ssh2
May 12 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Connection closed by 117.40.119.252 port 52711 [preauth]
May 12 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Failed password for root from 117.40.119.252 port 54118 ssh2
May 12 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Connection closed by 117.40.119.252 port 54118 [preauth]
May 12 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Failed password for root from 117.40.119.252 port 56004 ssh2
May 12 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Failed password for root from 218.92.0.201 port 64706 ssh2
May 12 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Connection closed by 117.40.119.252 port 56004 [preauth]
May 12 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session closed for user root
May 12 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: Failed password for root from 117.40.119.252 port 57358 ssh2
May 12 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Failed password for root from 218.92.0.201 port 64706 ssh2
May 12 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: Connection closed by 117.40.119.252 port 57358 [preauth]
May 12 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Failed password for root from 117.40.119.252 port 58835 ssh2
May 12 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Failed password for root from 218.92.0.201 port 64706 ssh2
May 12 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Connection closed by 117.40.119.252 port 58835 [preauth]
May 12 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Failed password for root from 218.92.0.201 port 64706 ssh2
May 12 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Failed password for root from 117.40.119.252 port 59984 ssh2
May 12 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Connection closed by 117.40.119.252 port 59984 [preauth]
May 12 11:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Failed password for root from 218.92.0.201 port 64706 ssh2
May 12 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 64706 ssh2 [preauth]
May 12 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Disconnecting: Too many authentication failures [preauth]
May 12 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Failed password for root from 117.40.119.252 port 33840 ssh2
May 12 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Connection closed by 117.40.119.252 port 33840 [preauth]
May 12 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Failed password for root from 117.40.119.252 port 35842 ssh2
May 12 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Connection closed by 117.40.119.252 port 35842 [preauth]
May 12 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Failed password for root from 117.40.119.252 port 37495 ssh2
May 12 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Connection closed by 117.40.119.252 port 37495 [preauth]
May 12 11:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6349]: Failed password for root from 117.40.119.252 port 41600 ssh2
May 12 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6349]: Connection closed by 117.40.119.252 port 41600 [preauth]
May 12 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6367]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6367]: pam_unix(cron:session): session closed for user root
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6362]: pam_unix(cron:session): session closed for user p13x
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6432]: Successful su for rubyman by root
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6432]: + ??? root:rubyman
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378637 of user rubyman.
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6432]: pam_unix(su:session): session closed for user rubyman
May 12 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378637.
May 12 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Failed password for root from 117.40.119.252 port 43305 ssh2
May 12 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Connection closed by 117.40.119.252 port 43305 [preauth]
May 12 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6364]: pam_unix(cron:session): session closed for user root
May 12 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session closed for user root
May 12 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Invalid user ankit from 103.41.98.68
May 12 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: input_userauth_request: invalid user ankit [preauth]
May 12 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.98.68
May 12 11:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6363]: pam_unix(cron:session): session closed for user samftp
May 12 11:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Failed password for invalid user ankit from 103.41.98.68 port 44246 ssh2
May 12 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Received disconnect from 103.41.98.68 port 44246:11: Bye Bye [preauth]
May 12 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Disconnected from 103.41.98.68 port 44246 [preauth]
May 12 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for root from 117.40.119.252 port 47303 ssh2
May 12 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Connection closed by 117.40.119.252 port 47303 [preauth]
May 12 11:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: Failed password for root from 117.40.119.252 port 48697 ssh2
May 12 11:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: Connection closed by 117.40.119.252 port 48697 [preauth]
May 12 11:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Failed password for root from 117.40.119.252 port 50694 ssh2
May 12 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May 12 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Connection closed by 117.40.119.252 port 50694 [preauth]
May 12 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Failed password for root from 218.92.0.112 port 11066 ssh2
May 12 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Failed password for root from 117.40.119.252 port 52598 ssh2
May 12 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Connection closed by 117.40.119.252 port 52598 [preauth]
May 12 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 117.40.119.252 port 53878 ssh2
May 12 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Connection closed by 117.40.119.252 port 53878 [preauth]
May 12 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Failed password for root from 117.40.119.252 port 55715 ssh2
May 12 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Connection closed by 117.40.119.252 port 55715 [preauth]
May 12 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Received disconnect from 218.92.0.112 port 11066:11:  [preauth]
May 12 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Disconnected from 218.92.0.112 port 11066 [preauth]
May 12 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Failed password for root from 117.40.119.252 port 57377 ssh2
May 12 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Connection closed by 117.40.119.252 port 57377 [preauth]
May 12 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5332]: pam_unix(cron:session): session closed for user root
May 12 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Failed password for root from 117.40.119.252 port 58854 ssh2
May 12 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Connection closed by 117.40.119.252 port 58854 [preauth]
May 12 11:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Failed password for root from 117.40.119.252 port 60521 ssh2
May 12 11:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Connection closed by 117.40.119.252 port 60521 [preauth]
May 12 11:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May 12 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: Failed password for root from 117.40.119.252 port 34262 ssh2
May 12 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: Connection closed by 117.40.119.252 port 34262 [preauth]
May 12 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Failed password for root from 218.92.0.112 port 21444 ssh2
May 12 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Failed password for root from 117.40.119.252 port 35942 ssh2
May 12 11:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Connection closed by 117.40.119.252 port 35942 [preauth]
May 12 11:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for root from 117.40.119.252 port 38874 ssh2
May 12 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Connection closed by 117.40.119.252 port 38874 [preauth]
May 12 11:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6811]: Failed password for root from 117.40.119.252 port 40669 ssh2
May 12 11:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6811]: Connection closed by 117.40.119.252 port 40669 [preauth]
May 12 11:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user p13x
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6902]: Successful su for rubyman by root
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6902]: + ??? root:rubyman
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378645 of user rubyman.
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6902]: pam_unix(su:session): session closed for user rubyman
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378645.
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 117.40.119.252 port 45325 ssh2
May 12 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Connection closed by 117.40.119.252 port 45325 [preauth]
May 12 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session closed for user root
May 12 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user samftp
May 12 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7190]: Failed password for root from 117.40.119.252 port 46885 ssh2
May 12 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7190]: Connection closed by 117.40.119.252 port 46885 [preauth]
May 12 11:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed password for root from 117.40.119.252 port 52310 ssh2
May 12 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Connection closed by 117.40.119.252 port 52310 [preauth]
May 12 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: Failed password for root from 117.40.119.252 port 53979 ssh2
May 12 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: Connection closed by 117.40.119.252 port 53979 [preauth]
May 12 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Failed password for root from 117.40.119.252 port 55480 ssh2
May 12 11:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Connection closed by 117.40.119.252 port 55480 [preauth]
May 12 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: Failed password for root from 117.40.119.252 port 57134 ssh2
May 12 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: Connection closed by 117.40.119.252 port 57134 [preauth]
May 12 11:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Failed password for root from 117.40.119.252 port 60314 ssh2
May 12 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Connection closed by 117.40.119.252 port 60314 [preauth]
May 12 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5906]: pam_unix(cron:session): session closed for user root
May 12 11:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Failed password for root from 117.40.119.252 port 39156 ssh2
May 12 11:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Connection closed by 117.40.119.252 port 39156 [preauth]
May 12 11:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Failed password for root from 117.40.119.252 port 41436 ssh2
May 12 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Connection closed by 117.40.119.252 port 41436 [preauth]
May 12 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Failed password for root from 117.40.119.252 port 42881 ssh2
May 12 11:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Connection closed by 117.40.119.252 port 42881 [preauth]
May 12 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Failed password for root from 117.40.119.252 port 44459 ssh2
May 12 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Connection closed by 117.40.119.252 port 44459 [preauth]
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7379]: pam_unix(cron:session): session closed for user p13x
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: Successful su for rubyman by root
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: + ??? root:rubyman
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378649 of user rubyman.
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: pam_unix(su:session): session closed for user rubyman
May 12 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378649.
May 12 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session closed for user root
May 12 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7380]: pam_unix(cron:session): session closed for user samftp
May 12 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Failed password for root from 117.40.119.252 port 51331 ssh2
May 12 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Connection closed by 117.40.119.252 port 51331 [preauth]
May 12 11:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7784]: Failed password for root from 117.40.119.252 port 54454 ssh2
May 12 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7784]: Connection closed by 117.40.119.252 port 54454 [preauth]
May 12 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Failed password for root from 117.40.119.252 port 56831 ssh2
May 12 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Connection closed by 117.40.119.252 port 56831 [preauth]
May 12 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Failed password for root from 117.40.119.252 port 58213 ssh2
May 12 11:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Connection closed by 117.40.119.252 port 58213 [preauth]
May 12 11:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Failed password for root from 117.40.119.252 port 59719 ssh2
May 12 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Connection closed by 117.40.119.252 port 59719 [preauth]
May 12 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Failed password for root from 117.40.119.252 port 32989 ssh2
May 12 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Connection closed by 117.40.119.252 port 32989 [preauth]
May 12 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6366]: pam_unix(cron:session): session closed for user root
May 12 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Failed password for root from 117.40.119.252 port 37167 ssh2
May 12 11:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Connection closed by 117.40.119.252 port 37167 [preauth]
May 12 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Failed password for root from 117.40.119.252 port 45348 ssh2
May 12 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Connection closed by 117.40.119.252 port 45348 [preauth]
May 12 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: Failed password for root from 117.40.119.252 port 47053 ssh2
May 12 11:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: Connection closed by 117.40.119.252 port 47053 [preauth]
May 12 11:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: Failed password for root from 117.40.119.252 port 48823 ssh2
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: Connection closed by 117.40.119.252 port 48823 [preauth]
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session closed for user p13x
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: Successful su for rubyman by root
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: + ??? root:rubyman
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378652 of user rubyman.
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: pam_unix(su:session): session closed for user rubyman
May 12 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378652.
May 12 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session closed for user root
May 12 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Failed password for root from 117.40.119.252 port 50408 ssh2
May 12 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Connection closed by 117.40.119.252 port 50408 [preauth]
May 12 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session closed for user samftp
May 12 11:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: Failed password for root from 117.40.119.252 port 55243 ssh2
May 12 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: Connection closed by 117.40.119.252 port 55243 [preauth]
May 12 11:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Failed password for root from 117.40.119.252 port 56835 ssh2
May 12 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Connection closed by 117.40.119.252 port 56835 [preauth]
May 12 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Failed password for root from 117.40.119.252 port 58897 ssh2
May 12 11:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Connection closed by 117.40.119.252 port 58897 [preauth]
May 12 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Failed password for root from 117.40.119.252 port 33746 ssh2
May 12 11:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Connection closed by 117.40.119.252 port 33746 [preauth]
May 12 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session closed for user root
May 12 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Failed password for root from 117.40.119.252 port 39639 ssh2
May 12 11:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Connection closed by 117.40.119.252 port 39639 [preauth]
May 12 11:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Failed password for root from 117.40.119.252 port 41078 ssh2
May 12 11:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Connection closed by 117.40.119.252 port 41078 [preauth]
May 12 11:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Failed password for root from 117.40.119.252 port 43930 ssh2
May 12 11:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Connection closed by 117.40.119.252 port 43930 [preauth]
May 12 11:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Failed password for root from 117.40.119.252 port 45521 ssh2
May 12 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Connection closed by 117.40.119.252 port 45521 [preauth]
May 12 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: Failed password for root from 117.40.119.252 port 47187 ssh2
May 12 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: Connection closed by 117.40.119.252 port 47187 [preauth]
May 12 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for root from 117.40.119.252 port 48828 ssh2
May 12 11:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Connection closed by 117.40.119.252 port 48828 [preauth]
May 12 11:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8388]: pam_unix(cron:session): session closed for user p13x
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for root from 117.40.119.252 port 50658 ssh2
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Connection closed by 117.40.119.252 port 50658 [preauth]
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: Successful su for rubyman by root
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: + ??? root:rubyman
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378657 of user rubyman.
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: pam_unix(su:session): session closed for user rubyman
May 12 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378657.
May 12 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5330]: pam_unix(cron:session): session closed for user root
May 12 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Failed password for root from 117.40.119.252 port 52486 ssh2
May 12 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Connection closed by 117.40.119.252 port 52486 [preauth]
May 12 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8389]: pam_unix(cron:session): session closed for user samftp
May 12 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Failed password for root from 117.40.119.252 port 54740 ssh2
May 12 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Connection closed by 117.40.119.252 port 54740 [preauth]
May 12 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: Failed password for root from 117.40.119.252 port 56359 ssh2
May 12 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: Connection closed by 117.40.119.252 port 56359 [preauth]
May 12 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Failed password for root from 117.40.119.252 port 58070 ssh2
May 12 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Connection closed by 117.40.119.252 port 58070 [preauth]
May 12 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: Failed password for root from 117.40.119.252 port 60350 ssh2
May 12 11:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: Connection closed by 117.40.119.252 port 60350 [preauth]
May 12 11:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Failed password for root from 117.40.119.252 port 33566 ssh2
May 12 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Connection closed by 117.40.119.252 port 33566 [preauth]
May 12 11:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Failed password for root from 117.40.119.252 port 35121 ssh2
May 12 11:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Connection closed by 117.40.119.252 port 35121 [preauth]
May 12 11:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: Failed password for root from 117.40.119.252 port 37048 ssh2
May 12 11:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: Connection closed by 117.40.119.252 port 37048 [preauth]
May 12 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7382]: pam_unix(cron:session): session closed for user root
May 12 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Failed password for root from 117.40.119.252 port 41131 ssh2
May 12 11:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Connection closed by 117.40.119.252 port 41131 [preauth]
May 12 11:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8805]: Failed password for root from 117.40.119.252 port 45293 ssh2
May 12 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8805]: Connection closed by 117.40.119.252 port 45293 [preauth]
May 12 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: Failed password for root from 117.40.119.252 port 47400 ssh2
May 12 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: Connection closed by 117.40.119.252 port 47400 [preauth]
May 12 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Failed password for root from 117.40.119.252 port 48819 ssh2
May 12 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Connection closed by 117.40.119.252 port 48819 [preauth]
May 12 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Failed password for root from 117.40.119.252 port 50239 ssh2
May 12 11:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Connection closed by 117.40.119.252 port 50239 [preauth]
May 12 11:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Failed password for root from 117.40.119.252 port 51709 ssh2
May 12 11:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Connection closed by 117.40.119.252 port 51709 [preauth]
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8851]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8852]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8850]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8852]: pam_unix(cron:session): session closed for user root
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session closed for user p13x
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: Successful su for rubyman by root
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: + ??? root:rubyman
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378662 of user rubyman.
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: pam_unix(su:session): session closed for user rubyman
May 12 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378662.
May 12 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session closed for user root
May 12 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5905]: pam_unix(cron:session): session closed for user root
May 12 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Failed password for root from 117.40.119.252 port 53441 ssh2
May 12 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Connection closed by 117.40.119.252 port 53441 [preauth]
May 12 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session closed for user samftp
May 12 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Failed password for root from 117.40.119.252 port 56520 ssh2
May 12 11:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Connection closed by 117.40.119.252 port 56520 [preauth]
May 12 11:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: Failed password for root from 117.40.119.252 port 58668 ssh2
May 12 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: Connection closed by 117.40.119.252 port 58668 [preauth]
May 12 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Failed password for root from 117.40.119.252 port 33293 ssh2
May 12 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Connection closed by 117.40.119.252 port 33293 [preauth]
May 12 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9262]: Failed password for root from 117.40.119.252 port 34888 ssh2
May 12 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9262]: Connection closed by 117.40.119.252 port 34888 [preauth]
May 12 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Failed password for root from 117.40.119.252 port 36562 ssh2
May 12 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Connection closed by 117.40.119.252 port 36562 [preauth]
May 12 11:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9326]: Failed password for root from 117.40.119.252 port 38144 ssh2
May 12 11:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9326]: Connection closed by 117.40.119.252 port 38144 [preauth]
May 12 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session closed for user root
May 12 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for root from 117.40.119.252 port 40351 ssh2
May 12 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Connection closed by 117.40.119.252 port 40351 [preauth]
May 12 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Failed password for root from 117.40.119.252 port 42626 ssh2
May 12 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Connection closed by 117.40.119.252 port 42626 [preauth]
May 12 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Failed password for root from 117.40.119.252 port 44470 ssh2
May 12 11:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Connection closed by 117.40.119.252 port 44470 [preauth]
May 12 11:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Failed password for root from 117.40.119.252 port 45875 ssh2
May 12 11:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Connection closed by 117.40.119.252 port 45875 [preauth]
May 12 11:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166  user=root
May 12 11:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Failed password for root from 156.251.24.166 port 55728 ssh2
May 12 11:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Received disconnect from 156.251.24.166 port 55728:11: Bye Bye [preauth]
May 12 11:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Disconnected from 156.251.24.166 port 55728 [preauth]
May 12 11:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9411]: Failed password for root from 117.40.119.252 port 47222 ssh2
May 12 11:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9411]: Connection closed by 117.40.119.252 port 47222 [preauth]
May 12 11:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9413]: Failed password for root from 117.40.119.252 port 50737 ssh2
May 12 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9413]: Connection closed by 117.40.119.252 port 50737 [preauth]
May 12 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: Failed password for root from 117.40.119.252 port 52353 ssh2
May 12 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: Connection closed by 117.40.119.252 port 52353 [preauth]
May 12 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session closed for user p13x
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: Successful su for rubyman by root
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: + ??? root:rubyman
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378667 of user rubyman.
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: pam_unix(su:session): session closed for user rubyman
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378667.
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: Failed password for root from 117.40.119.252 port 53956 ssh2
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: Connection closed by 117.40.119.252 port 53956 [preauth]
May 12 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for root from 117.40.119.252 port 56596 ssh2
May 12 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Connection closed by 117.40.119.252 port 56596 [preauth]
May 12 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6365]: pam_unix(cron:session): session closed for user root
May 12 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9438]: pam_unix(cron:session): session closed for user samftp
May 12 11:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Failed password for root from 117.40.119.252 port 57882 ssh2
May 12 11:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Connection closed by 117.40.119.252 port 57882 [preauth]
May 12 11:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Failed password for root from 117.40.119.252 port 59506 ssh2
May 12 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Connection closed by 117.40.119.252 port 59506 [preauth]
May 12 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: Failed password for root from 117.40.119.252 port 32897 ssh2
May 12 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: Connection closed by 117.40.119.252 port 32897 [preauth]
May 12 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 117.40.119.252 port 34579 ssh2
May 12 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Connection closed by 117.40.119.252 port 34579 [preauth]
May 12 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Failed password for root from 117.40.119.252 port 36210 ssh2
May 12 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Connection closed by 117.40.119.252 port 36210 [preauth]
May 12 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Failed password for root from 117.40.119.252 port 37761 ssh2
May 12 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Connection closed by 117.40.119.252 port 37761 [preauth]
May 12 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Failed password for root from 117.40.119.252 port 39552 ssh2
May 12 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Connection closed by 117.40.119.252 port 39552 [preauth]
May 12 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: Failed password for root from 117.40.119.252 port 41547 ssh2
May 12 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: Connection closed by 117.40.119.252 port 41547 [preauth]
May 12 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Failed password for root from 117.40.119.252 port 43035 ssh2
May 12 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Connection closed by 117.40.119.252 port 43035 [preauth]
May 12 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8391]: pam_unix(cron:session): session closed for user root
May 12 11:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Failed password for root from 117.40.119.252 port 44407 ssh2
May 12 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Connection closed by 117.40.119.252 port 44407 [preauth]
May 12 11:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Failed password for root from 117.40.119.252 port 47743 ssh2
May 12 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Connection closed by 117.40.119.252 port 47743 [preauth]
May 12 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for root from 117.40.119.252 port 49316 ssh2
May 12 11:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Connection closed by 117.40.119.252 port 49316 [preauth]
May 12 11:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Failed password for root from 117.40.119.252 port 51263 ssh2
May 12 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Connection closed by 117.40.119.252 port 51263 [preauth]
May 12 11:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Failed password for root from 117.40.119.252 port 52558 ssh2
May 12 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Connection closed by 117.40.119.252 port 52558 [preauth]
May 12 11:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Failed password for root from 117.40.119.252 port 54521 ssh2
May 12 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Connection closed by 117.40.119.252 port 54521 [preauth]
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9881]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user p13x
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: Successful su for rubyman by root
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: + ??? root:rubyman
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378669 of user rubyman.
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: pam_unix(su:session): session closed for user rubyman
May 12 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378669.
May 12 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Failed password for root from 117.40.119.252 port 58919 ssh2
May 12 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Connection closed by 117.40.119.252 port 58919 [preauth]
May 12 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user root
May 12 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user samftp
May 12 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Failed password for root from 117.40.119.252 port 60412 ssh2
May 12 11:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Connection closed by 117.40.119.252 port 60412 [preauth]
May 12 11:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: Failed password for root from 117.40.119.252 port 33774 ssh2
May 12 11:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: Connection closed by 117.40.119.252 port 33774 [preauth]
May 12 11:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Failed password for root from 117.40.119.252 port 38009 ssh2
May 12 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Connection closed by 117.40.119.252 port 38009 [preauth]
May 12 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Failed password for root from 117.40.119.252 port 39451 ssh2
May 12 11:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Connection closed by 117.40.119.252 port 39451 [preauth]
May 12 11:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10173]: Failed password for root from 117.40.119.252 port 40953 ssh2
May 12 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10173]: Connection closed by 117.40.119.252 port 40953 [preauth]
May 12 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Failed password for root from 117.40.119.252 port 42531 ssh2
May 12 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Connection closed by 117.40.119.252 port 42531 [preauth]
May 12 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Failed password for root from 117.40.119.252 port 44681 ssh2
May 12 11:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Connection closed by 117.40.119.252 port 44681 [preauth]
May 12 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8851]: pam_unix(cron:session): session closed for user root
May 12 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Failed password for root from 117.40.119.252 port 46204 ssh2
May 12 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Connection closed by 117.40.119.252 port 46204 [preauth]
May 12 11:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Failed password for root from 117.40.119.252 port 47608 ssh2
May 12 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Connection closed by 117.40.119.252 port 47608 [preauth]
May 12 11:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Invalid user admin from 80.94.95.125
May 12 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: input_userauth_request: invalid user admin [preauth]
May 12 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 11:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Failed password for invalid user admin from 80.94.95.125 port 11168 ssh2
May 12 11:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Received disconnect from 80.94.95.125 port 11168:11: Bye [preauth]
May 12 11:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Disconnected from 80.94.95.125 port 11168 [preauth]
May 12 11:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for root from 117.40.119.252 port 53068 ssh2
May 12 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Connection closed by 117.40.119.252 port 53068 [preauth]
May 12 11:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Failed password for root from 117.40.119.252 port 54994 ssh2
May 12 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Connection closed by 117.40.119.252 port 54994 [preauth]
May 12 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10380]: Failed password for root from 117.40.119.252 port 56653 ssh2
May 12 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10380]: Connection closed by 117.40.119.252 port 56653 [preauth]
May 12 11:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Failed password for root from 117.40.119.252 port 57943 ssh2
May 12 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Connection closed by 117.40.119.252 port 57943 [preauth]
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10410]: pam_unix(cron:session): session closed for user p13x
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10481]: Successful su for rubyman by root
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10481]: + ??? root:rubyman
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378675 of user rubyman.
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10481]: pam_unix(su:session): session closed for user rubyman
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378675.
May 12 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: Failed password for root from 117.40.119.252 port 60030 ssh2
May 12 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7381]: pam_unix(cron:session): session closed for user root
May 12 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: Connection closed by 117.40.119.252 port 60030 [preauth]
May 12 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session closed for user samftp
May 12 11:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Failed password for root from 117.40.119.252 port 33384 ssh2
May 12 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Connection closed by 117.40.119.252 port 33384 [preauth]
May 12 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Failed password for root from 117.40.119.252 port 36280 ssh2
May 12 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Connection closed by 117.40.119.252 port 36280 [preauth]
May 12 11:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for root from 117.40.119.252 port 38116 ssh2
May 12 11:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Connection closed by 117.40.119.252 port 38116 [preauth]
May 12 11:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10774]: Failed password for root from 117.40.119.252 port 41309 ssh2
May 12 11:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10774]: Connection closed by 117.40.119.252 port 41309 [preauth]
May 12 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: Failed password for root from 117.40.119.252 port 43020 ssh2
May 12 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: Connection closed by 117.40.119.252 port 43020 [preauth]
May 12 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for root from 117.40.119.252 port 45016 ssh2
May 12 11:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 117.40.119.252 port 45016 [preauth]
May 12 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9440]: pam_unix(cron:session): session closed for user root
May 12 11:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Failed password for root from 117.40.119.252 port 48860 ssh2
May 12 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Connection closed by 117.40.119.252 port 48860 [preauth]
May 12 11:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Failed password for root from 117.40.119.252 port 51916 ssh2
May 12 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Invalid user ftptest from 185.93.89.118
May 12 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: input_userauth_request: invalid user ftptest [preauth]
May 12 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Connection closed by 117.40.119.252 port 51916 [preauth]
May 12 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Failed password for invalid user ftptest from 185.93.89.118 port 57832 ssh2
May 12 11:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Connection closed by 185.93.89.118 port 57832 [preauth]
May 12 11:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: Failed password for root from 117.40.119.252 port 53577 ssh2
May 12 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: Connection closed by 117.40.119.252 port 53577 [preauth]
May 12 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Failed password for root from 117.40.119.252 port 55173 ssh2
May 12 11:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Connection closed by 117.40.119.252 port 55173 [preauth]
May 12 11:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Failed password for root from 117.40.119.252 port 56589 ssh2
May 12 11:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Connection closed by 117.40.119.252 port 56589 [preauth]
May 12 11:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 12 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.198.93
May 12 11:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: Failed password for root from 117.40.119.252 port 58627 ssh2
May 12 11:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: Connection closed by 117.40.119.252 port 58627 [preauth]
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user p13x
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11057]: Successful su for rubyman by root
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11057]: + ??? root:rubyman
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378678 of user rubyman.
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11057]: pam_unix(su:session): session closed for user rubyman
May 12 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378678.
May 12 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session closed for user root
May 12 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session closed for user root
May 12 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: Invalid user ftptest from 185.93.89.118
May 12 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: input_userauth_request: invalid user ftptest [preauth]
May 12 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: Failed password for invalid user ftptest from 185.93.89.118 port 42650 ssh2
May 12 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session closed for user samftp
May 12 11:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Failed password for root from 117.40.119.252 port 34550 ssh2
May 12 11:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Connection closed by 117.40.119.252 port 34550 [preauth]
May 12 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: Connection closed by 185.93.89.118 port 42650 [preauth]
May 12 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: Failed password for root from 117.40.119.252 port 36546 ssh2
May 12 11:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: Connection closed by 117.40.119.252 port 36546 [preauth]
May 12 11:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for root from 117.40.119.252 port 38087 ssh2
May 12 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 117.40.119.252 port 38087 [preauth]
May 12 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: Failed password for root from 117.40.119.252 port 39589 ssh2
May 12 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: Connection closed by 117.40.119.252 port 39589 [preauth]
May 12 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11312]: Failed password for root from 117.40.119.252 port 41336 ssh2
May 12 11:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11312]: Connection closed by 117.40.119.252 port 41336 [preauth]
May 12 11:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: User ftp from 185.93.89.118 not allowed because not listed in AllowUsers
May 12 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: input_userauth_request: invalid user ftp [preauth]
May 12 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=ftp
May 12 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Failed password for invalid user ftp from 185.93.89.118 port 55574 ssh2
May 12 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11339]: Failed password for root from 117.40.119.252 port 42962 ssh2
May 12 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11339]: Connection closed by 117.40.119.252 port 42962 [preauth]
May 12 11:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Connection closed by 185.93.89.118 port 55574 [preauth]
May 12 11:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Failed password for root from 117.40.119.252 port 44492 ssh2
May 12 11:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Connection closed by 117.40.119.252 port 44492 [preauth]
May 12 11:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9881]: pam_unix(cron:session): session closed for user root
May 12 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11366]: Failed password for root from 117.40.119.252 port 47687 ssh2
May 12 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11366]: Connection closed by 117.40.119.252 port 47687 [preauth]
May 12 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Failed password for root from 117.40.119.252 port 49178 ssh2
May 12 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Connection closed by 117.40.119.252 port 49178 [preauth]
May 12 11:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Invalid user ftp_id from 185.93.89.118
May 12 11:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: input_userauth_request: invalid user ftp_id [preauth]
May 12 11:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 11:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Failed password for invalid user ftp_id from 185.93.89.118 port 8166 ssh2
May 12 11:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Connection closed by 185.93.89.118 port 8166 [preauth]
May 12 11:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11427]: Failed password for root from 117.40.119.252 port 53391 ssh2
May 12 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11427]: Connection closed by 117.40.119.252 port 53391 [preauth]
May 12 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Failed password for root from 117.40.119.252 port 58835 ssh2
May 12 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Connection closed by 117.40.119.252 port 58835 [preauth]
May 12 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: User ftp from 185.93.89.118 not allowed because not listed in AllowUsers
May 12 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: input_userauth_request: invalid user ftp [preauth]
May 12 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=ftp
May 12 11:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for root from 117.40.119.252 port 60611 ssh2
May 12 11:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Connection closed by 117.40.119.252 port 60611 [preauth]
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11469]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user root
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session closed for user p13x
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: Failed password for invalid user ftp from 185.93.89.118 port 4706 ssh2
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: Successful su for rubyman by root
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: + ??? root:rubyman
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378682 of user rubyman.
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: pam_unix(su:session): session closed for user rubyman
May 12 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378682.
May 12 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: Connection closed by 185.93.89.118 port 4706 [preauth]
May 12 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user root
May 12 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Failed password for root from 117.40.119.252 port 33992 ssh2
May 12 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Connection closed by 117.40.119.252 port 33992 [preauth]
May 12 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8390]: pam_unix(cron:session): session closed for user root
May 12 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session closed for user samftp
May 12 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Failed password for root from 117.40.119.252 port 36130 ssh2
May 12 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Connection closed by 117.40.119.252 port 36130 [preauth]
May 12 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Failed password for root from 117.40.119.252 port 37795 ssh2
May 12 11:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Connection closed by 117.40.119.252 port 37795 [preauth]
May 12 11:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: Failed password for root from 117.40.119.252 port 41008 ssh2
May 12 11:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: Connection closed by 117.40.119.252 port 41008 [preauth]
May 12 11:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Failed password for root from 117.40.119.252 port 44213 ssh2
May 12 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Connection closed by 117.40.119.252 port 44213 [preauth]
May 12 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user root
May 12 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Failed password for root from 117.40.119.252 port 47350 ssh2
May 12 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Connection closed by 117.40.119.252 port 47350 [preauth]
May 12 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: Failed password for root from 117.40.119.252 port 54995 ssh2
May 12 11:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: Connection closed by 117.40.119.252 port 54995 [preauth]
May 12 11:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Failed password for root from 117.40.119.252 port 56754 ssh2
May 12 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Connection closed by 117.40.119.252 port 56754 [preauth]
May 12 11:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: Failed password for root from 117.40.119.252 port 60697 ssh2
May 12 11:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: Connection closed by 117.40.119.252 port 60697 [preauth]
May 12 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11918]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user p13x
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: Successful su for rubyman by root
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: + ??? root:rubyman
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378689 of user rubyman.
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: pam_unix(su:session): session closed for user rubyman
May 12 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378689.
May 12 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8850]: pam_unix(cron:session): session closed for user root
May 12 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Failed password for root from 218.92.0.236 port 14180 ssh2
May 12 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Failed password for root from 117.40.119.252 port 34545 ssh2
May 12 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Connection closed by 117.40.119.252 port 34545 [preauth]
May 12 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session closed for user samftp
May 12 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Failed password for root from 218.92.0.236 port 14180 ssh2
May 12 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: Failed password for root from 117.40.119.252 port 37560 ssh2
May 12 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: Connection closed by 117.40.119.252 port 37560 [preauth]
May 12 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Failed password for root from 218.92.0.236 port 14180 ssh2
May 12 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Received disconnect from 218.92.0.236 port 14180:11:  [preauth]
May 12 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Disconnected from 218.92.0.236 port 14180 [preauth]
May 12 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: Failed password for root from 117.40.119.252 port 38989 ssh2
May 12 11:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: Connection closed by 117.40.119.252 port 38989 [preauth]
May 12 11:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: Failed password for root from 117.40.119.252 port 40827 ssh2
May 12 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: Connection closed by 117.40.119.252 port 40827 [preauth]
May 12 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Failed password for root from 117.40.119.252 port 42265 ssh2
May 12 11:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Connection closed by 117.40.119.252 port 42265 [preauth]
May 12 11:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for root from 117.40.119.252 port 43904 ssh2
May 12 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Connection closed by 117.40.119.252 port 43904 [preauth]
May 12 11:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Failed password for root from 117.40.119.252 port 45513 ssh2
May 12 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Connection closed by 117.40.119.252 port 45513 [preauth]
May 12 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session closed for user root
May 12 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Failed password for root from 117.40.119.252 port 50942 ssh2
May 12 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Connection closed by 117.40.119.252 port 50942 [preauth]
May 12 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Failed password for root from 117.40.119.252 port 52473 ssh2
May 12 11:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Connection closed by 117.40.119.252 port 52473 [preauth]
May 12 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Failed password for root from 117.40.119.252 port 56489 ssh2
May 12 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Connection closed by 117.40.119.252 port 56489 [preauth]
May 12 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12327]: Failed password for root from 117.40.119.252 port 59748 ssh2
May 12 11:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12327]: Connection closed by 117.40.119.252 port 59748 [preauth]
May 12 11:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Failed password for root from 117.40.119.252 port 33245 ssh2
May 12 11:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Connection closed by 117.40.119.252 port 33245 [preauth]
May 12 11:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for root from 117.40.119.252 port 34728 ssh2
May 12 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Connection closed by 117.40.119.252 port 34728 [preauth]
May 12 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session closed for user p13x
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: Successful su for rubyman by root
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: + ??? root:rubyman
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378692 of user rubyman.
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: pam_unix(su:session): session closed for user rubyman
May 12 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378692.
May 12 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: Failed password for root from 117.40.119.252 port 36358 ssh2
May 12 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: Connection closed by 117.40.119.252 port 36358 [preauth]
May 12 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Failed password for root from 218.92.0.231 port 55812 ssh2
May 12 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9439]: pam_unix(cron:session): session closed for user root
May 12 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for root from 117.40.119.252 port 38049 ssh2
May 12 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Connection closed by 117.40.119.252 port 38049 [preauth]
May 12 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Failed password for root from 218.92.0.231 port 55812 ssh2
May 12 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user samftp
May 12 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Failed password for root from 218.92.0.231 port 55812 ssh2
May 12 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Received disconnect from 218.92.0.231 port 55812:11:  [preauth]
May 12 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Disconnected from 218.92.0.231 port 55812 [preauth]
May 12 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Failed password for root from 117.40.119.252 port 39580 ssh2
May 12 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Connection closed by 117.40.119.252 port 39580 [preauth]
May 12 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Failed password for root from 117.40.119.252 port 41094 ssh2
May 12 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Connection closed by 117.40.119.252 port 41094 [preauth]
May 12 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 117.40.119.252 port 42908 ssh2
May 12 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Connection closed by 117.40.119.252 port 42908 [preauth]
May 12 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Failed password for root from 117.40.119.252 port 44622 ssh2
May 12 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Connection closed by 117.40.119.252 port 44622 [preauth]
May 12 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: Failed password for root from 117.40.119.252 port 46173 ssh2
May 12 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: Connection closed by 117.40.119.252 port 46173 [preauth]
May 12 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Failed password for root from 117.40.119.252 port 49904 ssh2
May 12 11:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Connection closed by 117.40.119.252 port 49904 [preauth]
May 12 11:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for root from 117.40.119.252 port 51314 ssh2
May 12 11:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Connection closed by 117.40.119.252 port 51314 [preauth]
May 12 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11469]: pam_unix(cron:session): session closed for user root
May 12 11:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Failed password for root from 117.40.119.252 port 55159 ssh2
May 12 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Connection closed by 117.40.119.252 port 55159 [preauth]
May 12 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Failed password for root from 117.40.119.252 port 56485 ssh2
May 12 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Connection closed by 117.40.119.252 port 56485 [preauth]
May 12 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for root from 117.40.119.252 port 58060 ssh2
May 12 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Connection closed by 117.40.119.252 port 58060 [preauth]
May 12 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Invalid user nodeuser from 156.251.24.166
May 12 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: input_userauth_request: invalid user nodeuser [preauth]
May 12 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Failed password for root from 117.40.119.252 port 59310 ssh2
May 12 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Connection closed by 117.40.119.252 port 59310 [preauth]
May 12 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for invalid user nodeuser from 156.251.24.166 port 35412 ssh2
May 12 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Received disconnect from 156.251.24.166 port 35412:11: Bye Bye [preauth]
May 12 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Disconnected from 156.251.24.166 port 35412 [preauth]
May 12 11:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Failed password for root from 117.40.119.252 port 60854 ssh2
May 12 11:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Connection closed by 117.40.119.252 port 60854 [preauth]
May 12 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: Failed password for root from 117.40.119.252 port 36313 ssh2
May 12 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: Connection closed by 117.40.119.252 port 36313 [preauth]
May 12 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session closed for user p13x
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: Successful su for rubyman by root
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: + ??? root:rubyman
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378696 of user rubyman.
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: pam_unix(su:session): session closed for user rubyman
May 12 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378696.
May 12 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Failed password for root from 117.40.119.252 port 38513 ssh2
May 12 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Connection closed by 117.40.119.252 port 38513 [preauth]
May 12 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session closed for user root
May 12 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session closed for user samftp
May 12 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Failed password for root from 117.40.119.252 port 42336 ssh2
May 12 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Connection closed by 117.40.119.252 port 42336 [preauth]
May 12 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Failed password for root from 117.40.119.252 port 44913 ssh2
May 12 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Connection closed by 117.40.119.252 port 44913 [preauth]
May 12 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11918]: pam_unix(cron:session): session closed for user root
May 12 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for root from 117.40.119.252 port 52606 ssh2
May 12 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Connection closed by 117.40.119.252 port 52606 [preauth]
May 12 11:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: Failed password for root from 117.40.119.252 port 55464 ssh2
May 12 11:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: Connection closed by 117.40.119.252 port 55464 [preauth]
May 12 11:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: Failed password for root from 117.40.119.252 port 58344 ssh2
May 12 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: Connection closed by 117.40.119.252 port 58344 [preauth]
May 12 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Failed password for root from 117.40.119.252 port 60773 ssh2
May 12 11:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Connection closed by 117.40.119.252 port 60773 [preauth]
May 12 11:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Failed password for root from 117.40.119.252 port 36535 ssh2
May 12 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Connection closed by 117.40.119.252 port 36535 [preauth]
May 12 11:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session closed for user p13x
May 12 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13249]: Successful su for rubyman by root
May 12 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13249]: + ??? root:rubyman
May 12 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378701 of user rubyman.
May 12 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13249]: pam_unix(su:session): session closed for user rubyman
May 12 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378701.
May 12 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Failed password for root from 117.40.119.252 port 37984 ssh2
May 12 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Connection closed by 117.40.119.252 port 37984 [preauth]
May 12 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10412]: pam_unix(cron:session): session closed for user root
May 12 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session closed for user samftp
May 12 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Failed password for root from 117.40.119.252 port 41468 ssh2
May 12 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Connection closed by 117.40.119.252 port 41468 [preauth]
May 12 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for root from 218.92.0.215 port 55274 ssh2
May 12 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for root from 218.92.0.215 port 55274 ssh2
May 12 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Failed password for root from 117.40.119.252 port 43437 ssh2
May 12 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Connection closed by 117.40.119.252 port 43437 [preauth]
May 12 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for root from 218.92.0.215 port 55274 ssh2
May 12 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for root from 117.40.119.252 port 46050 ssh2
May 12 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Connection closed by 117.40.119.252 port 46050 [preauth]
May 12 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for root from 218.92.0.215 port 55274 ssh2
May 12 11:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Failed password for root from 117.40.119.252 port 47460 ssh2
May 12 11:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Connection closed by 117.40.119.252 port 47460 [preauth]
May 12 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for root from 218.92.0.215 port 55274 ssh2
May 12 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 55274 ssh2 [preauth]
May 12 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Disconnecting: Too many authentication failures [preauth]
May 12 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Failed password for root from 117.40.119.252 port 49448 ssh2
May 12 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Connection closed by 117.40.119.252 port 49448 [preauth]
May 12 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 218.92.0.215 port 9842 ssh2
May 12 11:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: Failed password for root from 117.40.119.252 port 51885 ssh2
May 12 11:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: Connection closed by 117.40.119.252 port 51885 [preauth]
May 12 11:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 218.92.0.215 port 9842 ssh2
May 12 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Failed password for root from 117.40.119.252 port 54005 ssh2
May 12 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user root
May 12 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Connection closed by 117.40.119.252 port 54005 [preauth]
May 12 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 218.92.0.215 port 9842 ssh2
May 12 11:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 218.92.0.215 port 9842 ssh2
May 12 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Failed password for root from 117.40.119.252 port 56243 ssh2
May 12 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Connection closed by 117.40.119.252 port 56243 [preauth]
May 12 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 218.92.0.215 port 9842 ssh2
May 12 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Failed password for root from 117.40.119.252 port 59386 ssh2
May 12 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Connection closed by 117.40.119.252 port 59386 [preauth]
May 12 11:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 218.92.0.215 port 9842 ssh2
May 12 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 9842 ssh2 [preauth]
May 12 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Disconnecting: Too many authentication failures [preauth]
May 12 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: Failed password for root from 117.40.119.252 port 60929 ssh2
May 12 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: Connection closed by 117.40.119.252 port 60929 [preauth]
May 12 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Failed password for root from 218.92.0.215 port 56364 ssh2
May 12 11:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Failed password for root from 117.40.119.252 port 34893 ssh2
May 12 11:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Connection closed by 117.40.119.252 port 34893 [preauth]
May 12 11:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Received disconnect from 218.92.0.215 port 56364:11:  [preauth]
May 12 11:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Disconnected from 218.92.0.215 port 56364 [preauth]
May 12 11:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Failed password for root from 117.40.119.252 port 37086 ssh2
May 12 11:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Connection closed by 117.40.119.252 port 37086 [preauth]
May 12 11:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Failed password for root from 117.40.119.252 port 38703 ssh2
May 12 11:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Connection closed by 117.40.119.252 port 38703 [preauth]
May 12 11:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13736]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13738]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13739]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13737]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13739]: pam_unix(cron:session): session closed for user root
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session closed for user p13x
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13807]: Successful su for rubyman by root
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13807]: + ??? root:rubyman
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378705 of user rubyman.
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13807]: pam_unix(su:session): session closed for user rubyman
May 12 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378705.
May 12 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Failed password for root from 117.40.119.252 port 39917 ssh2
May 12 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Failed password for root from 218.92.0.179 port 39514 ssh2
May 12 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Connection closed by 117.40.119.252 port 39917 [preauth]
May 12 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13736]: pam_unix(cron:session): session closed for user root
May 12 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session closed for user root
May 12 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Failed password for root from 218.92.0.179 port 39514 ssh2
May 12 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13734]: pam_unix(cron:session): session closed for user samftp
May 12 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Failed password for root from 218.92.0.179 port 39514 ssh2
May 12 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Received disconnect from 218.92.0.179 port 39514:11:  [preauth]
May 12 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Disconnected from 218.92.0.179 port 39514 [preauth]
May 12 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Failed password for root from 117.40.119.252 port 45797 ssh2
May 12 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Connection closed by 117.40.119.252 port 45797 [preauth]
May 12 11:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Failed password for root from 117.40.119.252 port 47436 ssh2
May 12 11:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Connection closed by 117.40.119.252 port 47436 [preauth]
May 12 11:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 117.40.119.252 port 50279 ssh2
May 12 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Connection closed by 117.40.119.252 port 50279 [preauth]
May 12 11:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Failed password for root from 117.40.119.252 port 52020 ssh2
May 12 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Connection closed by 117.40.119.252 port 52020 [preauth]
May 12 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: Failed password for root from 117.40.119.252 port 53680 ssh2
May 12 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: Connection closed by 117.40.119.252 port 53680 [preauth]
May 12 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session closed for user root
May 12 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: Failed password for root from 117.40.119.252 port 57486 ssh2
May 12 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: Connection closed by 117.40.119.252 port 57486 [preauth]
May 12 11:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14129]: Failed password for root from 117.40.119.252 port 59232 ssh2
May 12 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14129]: Connection closed by 117.40.119.252 port 59232 [preauth]
May 12 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14162]: Failed password for root from 117.40.119.252 port 35467 ssh2
May 12 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14162]: Connection closed by 117.40.119.252 port 35467 [preauth]
May 12 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14165]: Failed password for root from 117.40.119.252 port 37423 ssh2
May 12 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14165]: Connection closed by 117.40.119.252 port 37423 [preauth]
May 12 11:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: Failed password for root from 117.40.119.252 port 39538 ssh2
May 12 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: Connection closed by 117.40.119.252 port 39538 [preauth]
May 12 11:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: Failed password for root from 117.40.119.252 port 41009 ssh2
May 12 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: Connection closed by 117.40.119.252 port 41009 [preauth]
May 12 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session closed for user p13x
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: Successful su for rubyman by root
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: + ??? root:rubyman
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378710 of user rubyman.
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session closed for user rubyman
May 12 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378710.
May 12 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Failed password for root from 117.40.119.252 port 43145 ssh2
May 12 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Connection closed by 117.40.119.252 port 43145 [preauth]
May 12 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11468]: pam_unix(cron:session): session closed for user root
May 12 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user samftp
May 12 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Failed password for root from 117.40.119.252 port 44526 ssh2
May 12 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Connection closed by 117.40.119.252 port 44526 [preauth]
May 12 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Failed password for root from 117.40.119.252 port 46633 ssh2
May 12 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Connection closed by 117.40.119.252 port 46633 [preauth]
May 12 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14470]: Failed password for root from 117.40.119.252 port 48762 ssh2
May 12 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14470]: Connection closed by 117.40.119.252 port 48762 [preauth]
May 12 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for root from 117.40.119.252 port 50760 ssh2
May 12 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Connection closed by 117.40.119.252 port 50760 [preauth]
May 12 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for root from 117.40.119.252 port 52384 ssh2
May 12 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Connection closed by 117.40.119.252 port 52384 [preauth]
May 12 11:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session closed for user root
May 12 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Failed password for root from 117.40.119.252 port 58798 ssh2
May 12 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Connection closed by 117.40.119.252 port 58798 [preauth]
May 12 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Failed password for root from 117.40.119.252 port 60458 ssh2
May 12 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Connection closed by 117.40.119.252 port 60458 [preauth]
May 12 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: Failed password for root from 117.40.119.252 port 33724 ssh2
May 12 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: Connection closed by 117.40.119.252 port 33724 [preauth]
May 12 11:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Failed password for root from 117.40.119.252 port 35241 ssh2
May 12 11:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Connection closed by 117.40.119.252 port 35241 [preauth]
May 12 11:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Failed password for root from 117.40.119.252 port 37393 ssh2
May 12 11:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Connection closed by 117.40.119.252 port 37393 [preauth]
May 12 11:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for root from 117.40.119.252 port 38974 ssh2
May 12 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Connection closed by 117.40.119.252 port 38974 [preauth]
May 12 11:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: Failed password for root from 117.40.119.252 port 40577 ssh2
May 12 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: Connection closed by 117.40.119.252 port 40577 [preauth]
May 12 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Failed password for root from 117.40.119.252 port 42563 ssh2
May 12 11:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Connection closed by 117.40.119.252 port 42563 [preauth]
May 12 11:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14649]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14651]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14647]: pam_unix(cron:session): session closed for user p13x
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14711]: Successful su for rubyman by root
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14711]: + ??? root:rubyman
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378714 of user rubyman.
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14711]: pam_unix(su:session): session closed for user rubyman
May 12 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378714.
May 12 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Failed password for root from 117.40.119.252 port 44092 ssh2
May 12 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Connection closed by 117.40.119.252 port 44092 [preauth]
May 12 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11917]: pam_unix(cron:session): session closed for user root
May 12 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14648]: pam_unix(cron:session): session closed for user samftp
May 12 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Failed password for root from 117.40.119.252 port 45511 ssh2
May 12 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Connection closed by 117.40.119.252 port 45511 [preauth]
May 12 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: Failed password for root from 117.40.119.252 port 47583 ssh2
May 12 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: Connection closed by 117.40.119.252 port 47583 [preauth]
May 12 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Failed password for root from 117.40.119.252 port 49357 ssh2
May 12 11:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Connection closed by 117.40.119.252 port 49357 [preauth]
May 12 11:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Failed password for root from 117.40.119.252 port 51124 ssh2
May 12 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Connection closed by 117.40.119.252 port 51124 [preauth]
May 12 11:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: Failed password for root from 117.40.119.252 port 52782 ssh2
May 12 11:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: Connection closed by 117.40.119.252 port 52782 [preauth]
May 12 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: Failed password for root from 117.40.119.252 port 54889 ssh2
May 12 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: Connection closed by 117.40.119.252 port 54889 [preauth]
May 12 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for root from 117.40.119.252 port 56572 ssh2
May 12 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 117.40.119.252 port 56572 [preauth]
May 12 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13738]: pam_unix(cron:session): session closed for user root
May 12 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Failed password for root from 117.40.119.252 port 60790 ssh2
May 12 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Connection closed by 117.40.119.252 port 60790 [preauth]
May 12 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: Failed password for root from 117.40.119.252 port 34297 ssh2
May 12 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: Connection closed by 117.40.119.252 port 34297 [preauth]
May 12 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Failed password for root from 117.40.119.252 port 35904 ssh2
May 12 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Connection closed by 117.40.119.252 port 35904 [preauth]
May 12 11:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Failed password for root from 117.40.119.252 port 37427 ssh2
May 12 11:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Connection closed by 117.40.119.252 port 37427 [preauth]
May 12 11:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: Failed password for root from 117.40.119.252 port 39338 ssh2
May 12 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: Connection closed by 117.40.119.252 port 39338 [preauth]
May 12 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Failed password for root from 117.40.119.252 port 40791 ssh2
May 12 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Connection closed by 117.40.119.252 port 40791 [preauth]
May 12 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Failed password for root from 117.40.119.252 port 44944 ssh2
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Connection closed by 117.40.119.252 port 44944 [preauth]
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15086]: pam_unix(cron:session): session closed for user p13x
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: Successful su for rubyman by root
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: + ??? root:rubyman
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378718 of user rubyman.
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: pam_unix(su:session): session closed for user rubyman
May 12 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378718.
May 12 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session closed for user root
May 12 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Failed password for root from 117.40.119.252 port 46617 ssh2
May 12 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Connection closed by 117.40.119.252 port 46617 [preauth]
May 12 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15087]: pam_unix(cron:session): session closed for user samftp
May 12 11:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Failed password for root from 117.40.119.252 port 48391 ssh2
May 12 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Connection closed by 117.40.119.252 port 48391 [preauth]
May 12 11:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: Failed password for root from 117.40.119.252 port 51277 ssh2
May 12 11:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: Connection closed by 117.40.119.252 port 51277 [preauth]
May 12 11:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 117.40.119.252 port 57019 ssh2
May 12 11:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Connection closed by 117.40.119.252 port 57019 [preauth]
May 12 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Failed password for root from 117.40.119.252 port 60969 ssh2
May 12 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Connection closed by 117.40.119.252 port 60969 [preauth]
May 12 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user root
May 12 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 117.40.119.252 port 34390 ssh2
May 12 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 117.40.119.252 port 34390 [preauth]
May 12 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Invalid user admin from 80.94.95.112
May 12 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: input_userauth_request: invalid user admin [preauth]
May 12 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Failed password for root from 117.40.119.252 port 37085 ssh2
May 12 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Connection closed by 117.40.119.252 port 37085 [preauth]
May 12 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 80.94.95.112 port 55433 ssh2
May 12 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 80.94.95.112 port 55433 ssh2
May 12 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Failed password for root from 117.40.119.252 port 39215 ssh2
May 12 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Connection closed by 117.40.119.252 port 39215 [preauth]
May 12 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 80.94.95.112 port 55433 ssh2
May 12 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 80.94.95.112 port 55433 ssh2
May 12 11:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Failed password for root from 117.40.119.252 port 41333 ssh2
May 12 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Connection closed by 117.40.119.252 port 41333 [preauth]
May 12 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 80.94.95.112 port 55433 ssh2
May 12 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Received disconnect from 80.94.95.112 port 55433:11: Bye [preauth]
May 12 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Disconnected from 80.94.95.112 port 55433 [preauth]
May 12 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 11:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for root from 117.40.119.252 port 45698 ssh2
May 12 11:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Connection closed by 117.40.119.252 port 45698 [preauth]
May 12 11:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15501]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15502]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session closed for user p13x
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: Successful su for rubyman by root
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: + ??? root:rubyman
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378723 of user rubyman.
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: pam_unix(su:session): session closed for user rubyman
May 12 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378723.
May 12 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Failed password for root from 117.40.119.252 port 47860 ssh2
May 12 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Connection closed by 117.40.119.252 port 47860 [preauth]
May 12 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12782]: pam_unix(cron:session): session closed for user root
May 12 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15500]: pam_unix(cron:session): session closed for user samftp
May 12 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Failed password for root from 117.40.119.252 port 52243 ssh2
May 12 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Connection closed by 117.40.119.252 port 52243 [preauth]
May 12 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: Failed password for root from 117.40.119.252 port 53831 ssh2
May 12 11:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: Connection closed by 117.40.119.252 port 53831 [preauth]
May 12 11:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Failed password for root from 117.40.119.252 port 55563 ssh2
May 12 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Connection closed by 117.40.119.252 port 55563 [preauth]
May 12 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Failed password for root from 117.40.119.252 port 57742 ssh2
May 12 11:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Connection closed by 117.40.119.252 port 57742 [preauth]
May 12 11:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Failed password for root from 117.40.119.252 port 59314 ssh2
May 12 11:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Connection closed by 117.40.119.252 port 59314 [preauth]
May 12 11:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Failed password for root from 117.40.119.252 port 32931 ssh2
May 12 11:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Connection closed by 117.40.119.252 port 32931 [preauth]
May 12 11:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14651]: pam_unix(cron:session): session closed for user root
May 12 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Failed password for root from 117.40.119.252 port 34726 ssh2
May 12 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Connection closed by 117.40.119.252 port 34726 [preauth]
May 12 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Failed password for root from 117.40.119.252 port 37324 ssh2
May 12 11:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Connection closed by 117.40.119.252 port 37324 [preauth]
May 12 11:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Failed password for root from 117.40.119.252 port 38996 ssh2
May 12 11:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Connection closed by 117.40.119.252 port 38996 [preauth]
May 12 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: Failed password for root from 117.40.119.252 port 41031 ssh2
May 12 11:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: Connection closed by 117.40.119.252 port 41031 [preauth]
May 12 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Failed password for root from 117.40.119.252 port 42597 ssh2
May 12 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Connection closed by 117.40.119.252 port 42597 [preauth]
May 12 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Invalid user almalinux from 156.251.24.166
May 12 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: input_userauth_request: invalid user almalinux [preauth]
May 12 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Failed password for root from 117.40.119.252 port 44819 ssh2
May 12 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Connection closed by 117.40.119.252 port 44819 [preauth]
May 12 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Failed password for invalid user almalinux from 156.251.24.166 port 45350 ssh2
May 12 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Received disconnect from 156.251.24.166 port 45350:11: Bye Bye [preauth]
May 12 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Disconnected from 156.251.24.166 port 45350 [preauth]
May 12 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Failed password for root from 117.40.119.252 port 46726 ssh2
May 12 11:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Connection closed by 117.40.119.252 port 46726 [preauth]
May 12 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for root from 117.40.119.252 port 48756 ssh2
May 12 11:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Connection closed by 117.40.119.252 port 48756 [preauth]
May 12 11:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15935]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15936]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session closed for user root
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session closed for user p13x
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: Successful su for rubyman by root
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: + ??? root:rubyman
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378730 of user rubyman.
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: pam_unix(su:session): session closed for user rubyman
May 12 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378730.
May 12 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Failed password for root from 117.40.119.252 port 50879 ssh2
May 12 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Connection closed by 117.40.119.252 port 50879 [preauth]
May 12 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session closed for user root
May 12 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session closed for user root
May 12 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session closed for user samftp
May 12 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16191]: Failed password for root from 117.40.119.252 port 52632 ssh2
May 12 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16191]: Connection closed by 117.40.119.252 port 52632 [preauth]
May 12 11:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: Failed password for root from 117.40.119.252 port 60727 ssh2
May 12 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: Connection closed by 117.40.119.252 port 60727 [preauth]
May 12 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Failed password for root from 117.40.119.252 port 34703 ssh2
May 12 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Connection closed by 117.40.119.252 port 34703 [preauth]
May 12 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: Failed password for root from 117.40.119.252 port 36391 ssh2
May 12 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: Connection closed by 117.40.119.252 port 36391 [preauth]
May 12 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session closed for user root
May 12 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Failed password for root from 117.40.119.252 port 38082 ssh2
May 12 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Connection closed by 117.40.119.252 port 38082 [preauth]
May 12 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Failed password for root from 117.40.119.252 port 39854 ssh2
May 12 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Connection closed by 117.40.119.252 port 39854 [preauth]
May 12 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: Failed password for root from 117.40.119.252 port 41564 ssh2
May 12 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: Connection closed by 117.40.119.252 port 41564 [preauth]
May 12 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 117.40.119.252 port 45126 ssh2
May 12 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 117.40.119.252 port 45126 [preauth]
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session closed for user p13x
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: Successful su for rubyman by root
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: + ??? root:rubyman
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378733 of user rubyman.
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: pam_unix(su:session): session closed for user rubyman
May 12 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378733.
May 12 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13737]: pam_unix(cron:session): session closed for user root
May 12 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session closed for user samftp
May 12 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Failed password for root from 117.40.119.252 port 54806 ssh2
May 12 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Connection closed by 117.40.119.252 port 54806 [preauth]
May 12 11:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Invalid user cisco from 80.94.95.125
May 12 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: input_userauth_request: invalid user cisco [preauth]
May 12 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Failed password for invalid user cisco from 80.94.95.125 port 22685 ssh2
May 12 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: Failed password for root from 117.40.119.252 port 33776 ssh2
May 12 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Received disconnect from 80.94.95.125 port 22685:11: Bye [preauth]
May 12 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Disconnected from 80.94.95.125 port 22685 [preauth]
May 12 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: Connection closed by 117.40.119.252 port 33776 [preauth]
May 12 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for root from 117.40.119.252 port 36692 ssh2
May 12 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Connection closed by 117.40.119.252 port 36692 [preauth]
May 12 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15502]: pam_unix(cron:session): session closed for user root
May 12 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Failed password for root from 117.40.119.252 port 40588 ssh2
May 12 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Connection closed by 117.40.119.252 port 40588 [preauth]
May 12 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Failed password for root from 117.40.119.252 port 42640 ssh2
May 12 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Connection closed by 117.40.119.252 port 42640 [preauth]
May 12 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Failed password for root from 117.40.119.252 port 44672 ssh2
May 12 11:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Connection closed by 117.40.119.252 port 44672 [preauth]
May 12 11:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: Failed password for root from 117.40.119.252 port 46844 ssh2
May 12 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: Connection closed by 117.40.119.252 port 46844 [preauth]
May 12 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 117.40.119.252 port 49248 ssh2
May 12 11:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Connection closed by 117.40.119.252 port 49248 [preauth]
May 12 11:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for root from 117.40.119.252 port 51434 ssh2
May 12 11:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 117.40.119.252 port 51434 [preauth]
May 12 11:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16845]: pam_unix(cron:session): session closed for user p13x
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: Successful su for rubyman by root
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: + ??? root:rubyman
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378738 of user rubyman.
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: pam_unix(su:session): session closed for user rubyman
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378738.
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Failed password for root from 117.40.119.252 port 52996 ssh2
May 12 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Connection closed by 117.40.119.252 port 52996 [preauth]
May 12 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user root
May 12 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user samftp
May 12 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Failed password for root from 117.40.119.252 port 57023 ssh2
May 12 11:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Connection closed by 117.40.119.252 port 57023 [preauth]
May 12 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: Failed password for root from 117.40.119.252 port 58856 ssh2
May 12 11:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: Connection closed by 117.40.119.252 port 58856 [preauth]
May 12 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Failed password for root from 117.40.119.252 port 60611 ssh2
May 12 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Connection closed by 117.40.119.252 port 60611 [preauth]
May 12 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for root from 117.40.119.252 port 37318 ssh2
May 12 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Connection closed by 117.40.119.252 port 37318 [preauth]
May 12 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for root from 117.40.119.252 port 38922 ssh2
May 12 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Connection closed by 117.40.119.252 port 38922 [preauth]
May 12 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Failed password for root from 117.40.119.252 port 40539 ssh2
May 12 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Connection closed by 117.40.119.252 port 40539 [preauth]
May 12 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15936]: pam_unix(cron:session): session closed for user root
May 12 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Failed password for root from 117.40.119.252 port 41924 ssh2
May 12 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Connection closed by 117.40.119.252 port 41924 [preauth]
May 12 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Failed password for root from 117.40.119.252 port 43742 ssh2
May 12 11:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Connection closed by 117.40.119.252 port 43742 [preauth]
May 12 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Failed password for root from 117.40.119.252 port 45268 ssh2
May 12 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Connection closed by 117.40.119.252 port 45268 [preauth]
May 12 11:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: Failed password for root from 117.40.119.252 port 46927 ssh2
May 12 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: Connection closed by 117.40.119.252 port 46927 [preauth]
May 12 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for root from 117.40.119.252 port 48329 ssh2
May 12 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Connection closed by 117.40.119.252 port 48329 [preauth]
May 12 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for root from 117.40.119.252 port 50455 ssh2
May 12 11:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Connection closed by 117.40.119.252 port 50455 [preauth]
May 12 11:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Failed password for root from 218.92.0.179 port 57496 ssh2
May 12 11:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Failed password for root from 218.92.0.179 port 57496 ssh2
May 12 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for root from 117.40.119.252 port 53725 ssh2
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Connection closed by 117.40.119.252 port 53725 [preauth]
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user p13x
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: Successful su for rubyman by root
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: + ??? root:rubyman
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378740 of user rubyman.
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: pam_unix(su:session): session closed for user rubyman
May 12 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378740.
May 12 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Failed password for root from 218.92.0.179 port 57496 ssh2
May 12 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Received disconnect from 218.92.0.179 port 57496:11:  [preauth]
May 12 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Disconnected from 218.92.0.179 port 57496 [preauth]
May 12 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Failed password for root from 117.40.119.252 port 55446 ssh2
May 12 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Connection closed by 117.40.119.252 port 55446 [preauth]
May 12 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14649]: pam_unix(cron:session): session closed for user root
May 12 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user samftp
May 12 11:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Failed password for root from 117.40.119.252 port 56901 ssh2
May 12 11:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Connection closed by 117.40.119.252 port 56901 [preauth]
May 12 11:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: Failed password for root from 117.40.119.252 port 58825 ssh2
May 12 11:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: Connection closed by 117.40.119.252 port 58825 [preauth]
May 12 11:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for root from 117.40.119.252 port 60375 ssh2
May 12 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Connection closed by 117.40.119.252 port 60375 [preauth]
May 12 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for root from 117.40.119.252 port 33942 ssh2
May 12 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Connection closed by 117.40.119.252 port 33942 [preauth]
May 12 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17612]: Failed password for root from 117.40.119.252 port 35516 ssh2
May 12 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17612]: Connection closed by 117.40.119.252 port 35516 [preauth]
May 12 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Failed password for root from 117.40.119.252 port 37038 ssh2
May 12 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Connection closed by 117.40.119.252 port 37038 [preauth]
May 12 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Failed password for root from 117.40.119.252 port 38749 ssh2
May 12 11:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Connection closed by 117.40.119.252 port 38749 [preauth]
May 12 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user root
May 12 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: Failed password for root from 117.40.119.252 port 42918 ssh2
May 12 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: Connection closed by 117.40.119.252 port 42918 [preauth]
May 12 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Failed password for root from 117.40.119.252 port 44368 ssh2
May 12 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Connection closed by 117.40.119.252 port 44368 [preauth]
May 12 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Failed password for root from 117.40.119.252 port 45866 ssh2
May 12 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Connection closed by 117.40.119.252 port 45866 [preauth]
May 12 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17708]: Failed password for root from 117.40.119.252 port 47760 ssh2
May 12 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17708]: Connection closed by 117.40.119.252 port 47760 [preauth]
May 12 11:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: Failed password for root from 117.40.119.252 port 52069 ssh2
May 12 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: Connection closed by 117.40.119.252 port 52069 [preauth]
May 12 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Failed password for root from 117.40.119.252 port 53660 ssh2
May 12 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Connection closed by 117.40.119.252 port 53660 [preauth]
May 12 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Failed password for root from 117.40.119.252 port 55131 ssh2
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Connection closed by 117.40.119.252 port 55131 [preauth]
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session closed for user p13x
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: Successful su for rubyman by root
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: + ??? root:rubyman
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378745 of user rubyman.
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: pam_unix(su:session): session closed for user rubyman
May 12 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378745.
May 12 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Failed password for root from 117.40.119.252 port 56673 ssh2
May 12 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session closed for user root
May 12 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Connection closed by 117.40.119.252 port 56673 [preauth]
May 12 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session closed for user samftp
May 12 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for root from 117.40.119.252 port 60785 ssh2
May 12 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Connection closed by 117.40.119.252 port 60785 [preauth]
May 12 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Failed password for root from 117.40.119.252 port 34562 ssh2
May 12 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Connection closed by 117.40.119.252 port 34562 [preauth]
May 12 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Failed password for root from 117.40.119.252 port 37579 ssh2
May 12 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Connection closed by 117.40.119.252 port 37579 [preauth]
May 12 11:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18195]: Failed password for root from 117.40.119.252 port 38996 ssh2
May 12 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18195]: Connection closed by 117.40.119.252 port 38996 [preauth]
May 12 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Failed password for root from 117.40.119.252 port 42140 ssh2
May 12 11:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Connection closed by 117.40.119.252 port 42140 [preauth]
May 12 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user root
May 12 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for root from 117.40.119.252 port 46227 ssh2
May 12 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Connection closed by 117.40.119.252 port 46227 [preauth]
May 12 11:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for root from 117.40.119.252 port 47880 ssh2
May 12 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Connection closed by 117.40.119.252 port 47880 [preauth]
May 12 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: Failed password for root from 117.40.119.252 port 49818 ssh2
May 12 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: Connection closed by 117.40.119.252 port 49818 [preauth]
May 12 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Failed password for root from 117.40.119.252 port 51036 ssh2
May 12 11:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Connection closed by 117.40.119.252 port 51036 [preauth]
May 12 11:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18275]: Failed password for root from 117.40.119.252 port 52584 ssh2
May 12 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18275]: Connection closed by 117.40.119.252 port 52584 [preauth]
May 12 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Failed password for root from 117.40.119.252 port 54049 ssh2
May 12 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Connection closed by 117.40.119.252 port 54049 [preauth]
May 12 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Failed password for root from 117.40.119.252 port 55764 ssh2
May 12 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Connection closed by 117.40.119.252 port 55764 [preauth]
May 12 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Failed password for root from 117.40.119.252 port 57285 ssh2
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Connection closed by 117.40.119.252 port 57285 [preauth]
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18318]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session closed for user root
May 12 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session closed for user p13x
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18392]: Successful su for rubyman by root
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18392]: + ??? root:rubyman
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378752 of user rubyman.
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18392]: pam_unix(su:session): session closed for user rubyman
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378752.
May 12 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for root from 117.40.119.252 port 58563 ssh2
May 12 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Connection closed by 117.40.119.252 port 58563 [preauth]
May 12 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session closed for user root
May 12 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15501]: pam_unix(cron:session): session closed for user root
May 12 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Failed password for root from 117.40.119.252 port 60104 ssh2
May 12 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Connection closed by 117.40.119.252 port 60104 [preauth]
May 12 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18316]: pam_unix(cron:session): session closed for user samftp
May 12 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: Failed password for root from 117.40.119.252 port 33302 ssh2
May 12 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: Connection closed by 117.40.119.252 port 33302 [preauth]
May 12 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Failed password for root from 117.40.119.252 port 35172 ssh2
May 12 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Connection closed by 117.40.119.252 port 35172 [preauth]
May 12 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: Failed password for root from 117.40.119.252 port 36629 ssh2
May 12 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: Connection closed by 117.40.119.252 port 36629 [preauth]
May 12 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: Failed password for root from 117.40.119.252 port 38003 ssh2
May 12 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: Connection closed by 117.40.119.252 port 38003 [preauth]
May 12 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Failed password for root from 117.40.119.252 port 42331 ssh2
May 12 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Connection closed by 117.40.119.252 port 42331 [preauth]
May 12 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user root
May 12 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Failed password for root from 117.40.119.252 port 45170 ssh2
May 12 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Connection closed by 117.40.119.252 port 45170 [preauth]
May 12 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18707]: Failed password for root from 117.40.119.252 port 46847 ssh2
May 12 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18707]: Connection closed by 117.40.119.252 port 46847 [preauth]
May 12 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Failed password for root from 117.40.119.252 port 48558 ssh2
May 12 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Connection closed by 117.40.119.252 port 48558 [preauth]
May 12 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: Failed password for root from 117.40.119.252 port 50371 ssh2
May 12 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: Connection closed by 117.40.119.252 port 50371 [preauth]
May 12 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Failed password for root from 117.40.119.252 port 52348 ssh2
May 12 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Connection closed by 117.40.119.252 port 52348 [preauth]
May 12 11:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: Failed password for root from 117.40.119.252 port 53803 ssh2
May 12 11:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: Connection closed by 117.40.119.252 port 53803 [preauth]
May 12 11:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Failed password for root from 117.40.119.252 port 55097 ssh2
May 12 11:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Connection closed by 117.40.119.252 port 55097 [preauth]
May 12 11:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Failed password for root from 117.40.119.252 port 56480 ssh2
May 12 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Connection closed by 117.40.119.252 port 56480 [preauth]
May 12 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Failed password for root from 117.40.119.252 port 58084 ssh2
May 12 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Connection closed by 117.40.119.252 port 58084 [preauth]
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18801]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session closed for user p13x
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: Successful su for rubyman by root
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: + ??? root:rubyman
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378754 of user rubyman.
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: pam_unix(su:session): session closed for user rubyman
May 12 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378754.
May 12 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Failed password for root from 117.40.119.252 port 59713 ssh2
May 12 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15935]: pam_unix(cron:session): session closed for user root
May 12 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Connection closed by 117.40.119.252 port 59713 [preauth]
May 12 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18799]: pam_unix(cron:session): session closed for user samftp
May 12 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Failed password for root from 117.40.119.252 port 37079 ssh2
May 12 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Connection closed by 117.40.119.252 port 37079 [preauth]
May 12 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Failed password for root from 117.40.119.252 port 39037 ssh2
May 12 11:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Connection closed by 117.40.119.252 port 39037 [preauth]
May 12 11:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Failed password for root from 117.40.119.252 port 44872 ssh2
May 12 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Connection closed by 117.40.119.252 port 44872 [preauth]
May 12 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: Failed password for root from 117.40.119.252 port 46696 ssh2
May 12 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: Connection closed by 117.40.119.252 port 46696 [preauth]
May 12 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session closed for user root
May 12 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: Failed password for root from 117.40.119.252 port 51134 ssh2
May 12 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: Connection closed by 117.40.119.252 port 51134 [preauth]
May 12 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: Failed password for root from 117.40.119.252 port 52560 ssh2
May 12 11:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: Connection closed by 117.40.119.252 port 52560 [preauth]
May 12 11:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Invalid user ubuntu from 156.251.24.166
May 12 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: input_userauth_request: invalid user ubuntu [preauth]
May 12 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: pam_unix(sshd:auth): check pass; user unknown
May 12 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Failed password for invalid user ubuntu from 156.251.24.166 port 52618 ssh2
May 12 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Received disconnect from 156.251.24.166 port 52618:11: Bye Bye [preauth]
May 12 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Disconnected from 156.251.24.166 port 52618 [preauth]
May 12 11:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Failed password for root from 117.40.119.252 port 56462 ssh2
May 12 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Connection closed by 117.40.119.252 port 56462 [preauth]
May 12 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19221]: Failed password for root from 117.40.119.252 port 59096 ssh2
May 12 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19221]: Connection closed by 117.40.119.252 port 59096 [preauth]
May 12 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Failed password for root from 117.40.119.252 port 60587 ssh2
May 12 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Connection closed by 117.40.119.252 port 60587 [preauth]
May 12 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19237]: pam_unix(cron:session): session closed for user p13x
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: Successful su for rubyman by root
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: + ??? root:rubyman
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378758 of user rubyman.
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: pam_unix(su:session): session closed for user rubyman
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378758.
May 12 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Failed password for root from 117.40.119.252 port 33908 ssh2
May 12 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Connection closed by 117.40.119.252 port 33908 [preauth]
May 12 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session closed for user root
May 12 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for root from 193.70.84.184 port 35964 ssh2
May 12 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Connection closed by 193.70.84.184 port 35964 [preauth]
May 12 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for root from 117.40.119.252 port 35421 ssh2
May 12 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19238]: pam_unix(cron:session): session closed for user samftp
May 12 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Connection closed by 117.40.119.252 port 35421 [preauth]
May 12 11:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19497]: Failed password for root from 117.40.119.252 port 37045 ssh2
May 12 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19497]: Connection closed by 117.40.119.252 port 37045 [preauth]
May 12 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Failed password for root from 117.40.119.252 port 38562 ssh2
May 12 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Connection closed by 117.40.119.252 port 38562 [preauth]
May 12 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19517]: Failed password for root from 117.40.119.252 port 40228 ssh2
May 12 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19517]: Connection closed by 117.40.119.252 port 40228 [preauth]
May 12 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: Failed password for root from 117.40.119.252 port 44971 ssh2
May 12 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: Connection closed by 117.40.119.252 port 44971 [preauth]
May 12 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: Failed password for root from 117.40.119.252 port 46509 ssh2
May 12 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: Connection closed by 117.40.119.252 port 46509 [preauth]
May 12 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session closed for user root
May 12 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: Failed password for root from 117.40.119.252 port 50095 ssh2
May 12 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: Connection closed by 117.40.119.252 port 50095 [preauth]
May 12 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Failed password for root from 117.40.119.252 port 53877 ssh2
May 12 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Connection closed by 117.40.119.252 port 53877 [preauth]
May 12 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19674]: Failed password for root from 117.40.119.252 port 33062 ssh2
May 12 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19674]: Connection closed by 117.40.119.252 port 33062 [preauth]
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19690]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19691]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19688]: pam_unix(cron:session): session closed for user p13x
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: Successful su for rubyman by root
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: + ??? root:rubyman
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378763 of user rubyman.
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: pam_unix(su:session): session closed for user rubyman
May 12 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378763.
May 12 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
May 12 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: Failed password for root from 117.40.119.252 port 35226 ssh2
May 12 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: Connection closed by 117.40.119.252 port 35226 [preauth]
May 12 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19689]: pam_unix(cron:session): session closed for user samftp
May 12 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Failed password for root from 117.40.119.252 port 38184 ssh2
May 12 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Connection closed by 117.40.119.252 port 38184 [preauth]
May 12 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Failed password for root from 117.40.119.252 port 39983 ssh2
May 12 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Connection closed by 117.40.119.252 port 39983 [preauth]
May 12 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Failed password for root from 117.40.119.252 port 41625 ssh2
May 12 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Connection closed by 117.40.119.252 port 41625 [preauth]
May 12 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19984]: Failed password for root from 117.40.119.252 port 43781 ssh2
May 12 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19984]: Connection closed by 117.40.119.252 port 43781 [preauth]
May 12 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Failed password for root from 117.40.119.252 port 46647 ssh2
May 12 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Connection closed by 117.40.119.252 port 46647 [preauth]
May 12 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Failed password for root from 117.40.119.252 port 48178 ssh2
May 12 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Connection closed by 117.40.119.252 port 48178 [preauth]
May 12 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Failed password for root from 117.40.119.252 port 49858 ssh2
May 12 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Connection closed by 117.40.119.252 port 49858 [preauth]
May 12 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18801]: pam_unix(cron:session): session closed for user root
May 12 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: Failed password for root from 117.40.119.252 port 54074 ssh2
May 12 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: Connection closed by 117.40.119.252 port 54074 [preauth]
May 12 11:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: Failed password for root from 117.40.119.252 port 57214 ssh2
May 12 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: Connection closed by 117.40.119.252 port 57214 [preauth]
May 12 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Failed password for root from 117.40.119.252 port 59026 ssh2
May 12 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Connection closed by 117.40.119.252 port 59026 [preauth]
May 12 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Failed password for root from 117.40.119.252 port 60638 ssh2
May 12 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Connection closed by 117.40.119.252 port 60638 [preauth]
May 12 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20128]: pam_unix(cron:session): session closed for user p13x
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: Successful su for rubyman by root
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: + ??? root:rubyman
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378768 of user rubyman.
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: pam_unix(su:session): session closed for user rubyman
May 12 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378768.
May 12 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for root from 117.40.119.252 port 36635 ssh2
May 12 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 117.40.119.252 port 36635 [preauth]
May 12 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user root
May 12 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session closed for user samftp
May 12 11:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: Failed password for root from 117.40.119.252 port 38680 ssh2
May 12 11:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: Connection closed by 117.40.119.252 port 38680 [preauth]
May 12 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Failed password for root from 117.40.119.252 port 43587 ssh2
May 12 11:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Connection closed by 117.40.119.252 port 43587 [preauth]
May 12 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for root from 117.40.119.252 port 45141 ssh2
May 12 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Connection closed by 117.40.119.252 port 45141 [preauth]
May 12 11:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: Failed password for root from 45.6.188.43 port 52396 ssh2
May 12 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: Connection closed by 45.6.188.43 port 52396 [preauth]
May 12 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Failed password for root from 117.40.119.252 port 46820 ssh2
May 12 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Connection closed by 117.40.119.252 port 46820 [preauth]
May 12 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Failed password for root from 117.40.119.252 port 50546 ssh2
May 12 11:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Connection closed by 117.40.119.252 port 50546 [preauth]
May 12 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19240]: pam_unix(cron:session): session closed for user root
May 12 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20462]: Failed password for root from 117.40.119.252 port 52267 ssh2
May 12 11:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20462]: Connection closed by 117.40.119.252 port 52267 [preauth]
May 12 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for root from 117.40.119.252 port 55413 ssh2
May 12 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Connection closed by 117.40.119.252 port 55413 [preauth]
May 12 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: Failed password for root from 117.40.119.252 port 57415 ssh2
May 12 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: Connection closed by 117.40.119.252 port 57415 [preauth]
May 12 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Failed password for root from 117.40.119.252 port 59027 ssh2
May 12 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Connection closed by 117.40.119.252 port 59027 [preauth]
May 12 11:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 11:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Failed password for root from 117.40.119.252 port 60735 ssh2
May 12 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Connection closed by 117.40.119.252 port 60735 [preauth]
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20568]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20569]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20567]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20567]: pam_unix(cron:session): session closed for user root
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session closed for user root
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20565]: pam_unix(cron:session): session closed for user p13x
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20663]: Successful su for rubyman by root
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20663]: + ??? root:rubyman
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378772 of user rubyman.
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20663]: pam_unix(su:session): session closed for user rubyman
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378772.
May 12 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for root from 117.40.119.252 port 36591 ssh2
May 12 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Connection closed by 117.40.119.252 port 36591 [preauth]
May 12 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session closed for user root
May 12 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20568]: pam_unix(cron:session): session closed for user root
May 12 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20566]: pam_unix(cron:session): session closed for user samftp
May 12 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Failed password for root from 117.40.119.252 port 39912 ssh2
May 12 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Connection closed by 117.40.119.252 port 39912 [preauth]
May 12 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Failed password for root from 117.40.119.252 port 42298 ssh2
May 12 12:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Connection closed by 117.40.119.252 port 42298 [preauth]
May 12 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Failed password for root from 117.40.119.252 port 44366 ssh2
May 12 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Connection closed by 117.40.119.252 port 44366 [preauth]
May 12 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Failed password for root from 117.40.119.252 port 46285 ssh2
May 12 12:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Connection closed by 117.40.119.252 port 46285 [preauth]
May 12 12:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Failed password for root from 117.40.119.252 port 50881 ssh2
May 12 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Connection closed by 117.40.119.252 port 50881 [preauth]
May 12 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: Failed password for root from 117.40.119.252 port 52472 ssh2
May 12 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: Connection closed by 117.40.119.252 port 52472 [preauth]
May 12 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19691]: pam_unix(cron:session): session closed for user root
May 12 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for root from 218.92.0.236 port 43636 ssh2
May 12 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for root from 218.92.0.236 port 43636 ssh2
May 12 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: Failed password for root from 117.40.119.252 port 54175 ssh2
May 12 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: Connection closed by 117.40.119.252 port 54175 [preauth]
May 12 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for root from 218.92.0.236 port 43636 ssh2
May 12 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Received disconnect from 218.92.0.236 port 43636:11:  [preauth]
May 12 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Disconnected from 218.92.0.236 port 43636 [preauth]
May 12 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Failed password for root from 117.40.119.252 port 56419 ssh2
May 12 12:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Connection closed by 117.40.119.252 port 56419 [preauth]
May 12 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Failed password for root from 117.40.119.252 port 60734 ssh2
May 12 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Connection closed by 117.40.119.252 port 60734 [preauth]
May 12 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: Failed password for root from 117.40.119.252 port 34119 ssh2
May 12 12:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: Connection closed by 117.40.119.252 port 34119 [preauth]
May 12 12:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Failed password for root from 117.40.119.252 port 35629 ssh2
May 12 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Connection closed by 117.40.119.252 port 35629 [preauth]
May 12 12:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Failed password for root from 117.40.119.252 port 37352 ssh2
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Connection closed by 117.40.119.252 port 37352 [preauth]
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21114]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21111]: pam_unix(cron:session): session closed for user p13x
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: Successful su for rubyman by root
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: + ??? root:rubyman
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378778 of user rubyman.
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: pam_unix(su:session): session closed for user rubyman
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378778.
May 12 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Failed password for root from 117.40.119.252 port 40345 ssh2
May 12 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Connection closed by 117.40.119.252 port 40345 [preauth]
May 12 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18318]: pam_unix(cron:session): session closed for user root
May 12 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21112]: pam_unix(cron:session): session closed for user samftp
May 12 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Failed password for root from 117.40.119.252 port 44146 ssh2
May 12 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Connection closed by 117.40.119.252 port 44146 [preauth]
May 12 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Failed password for root from 117.40.119.252 port 45624 ssh2
May 12 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Connection closed by 117.40.119.252 port 45624 [preauth]
May 12 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for root from 117.40.119.252 port 47161 ssh2
May 12 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Connection closed by 117.40.119.252 port 47161 [preauth]
May 12 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: Failed password for root from 117.40.119.252 port 49325 ssh2
May 12 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: Connection closed by 117.40.119.252 port 49325 [preauth]
May 12 12:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21464]: Failed password for root from 117.40.119.252 port 51276 ssh2
May 12 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21464]: Connection closed by 117.40.119.252 port 51276 [preauth]
May 12 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Failed password for root from 117.40.119.252 port 53163 ssh2
May 12 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Connection closed by 117.40.119.252 port 53163 [preauth]
May 12 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session closed for user root
May 12 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Failed password for root from 117.40.119.252 port 54713 ssh2
May 12 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Connection closed by 117.40.119.252 port 54713 [preauth]
May 12 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Failed password for root from 117.40.119.252 port 56109 ssh2
May 12 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Connection closed by 117.40.119.252 port 56109 [preauth]
May 12 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Connection reset by 218.92.0.237 port 21740 [preauth]
May 12 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Failed password for root from 218.92.0.198 port 52520 ssh2
May 12 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Failed password for root from 218.92.0.198 port 52520 ssh2
May 12 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Failed password for root from 117.40.119.252 port 57592 ssh2
May 12 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Connection closed by 117.40.119.252 port 57592 [preauth]
May 12 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Failed password for root from 218.92.0.198 port 52520 ssh2
May 12 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Received disconnect from 218.92.0.198 port 52520:11:  [preauth]
May 12 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Disconnected from 218.92.0.198 port 52520 [preauth]
May 12 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 12:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Failed password for root from 117.40.119.252 port 60013 ssh2
May 12 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Connection closed by 117.40.119.252 port 60013 [preauth]
May 12 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: Failed password for root from 218.92.0.198 port 52874 ssh2
May 12 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Failed password for root from 117.40.119.252 port 33141 ssh2
May 12 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Connection closed by 117.40.119.252 port 33141 [preauth]
May 12 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: Failed password for root from 218.92.0.198 port 52874 ssh2
May 12 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: Failed password for root from 218.92.0.198 port 52874 ssh2
May 12 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: Received disconnect from 218.92.0.198 port 52874:11:  [preauth]
May 12 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: Disconnected from 218.92.0.198 port 52874 [preauth]
May 12 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21546]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: Failed password for root from 117.40.119.252 port 34536 ssh2
May 12 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 12:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: Connection closed by 117.40.119.252 port 34536 [preauth]
May 12 12:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: Failed password for root from 218.92.0.198 port 52902 ssh2
May 12 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: Failed password for root from 218.92.0.198 port 52902 ssh2
May 12 12:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Failed password for root from 117.40.119.252 port 36329 ssh2
May 12 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Connection closed by 117.40.119.252 port 36329 [preauth]
May 12 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: Failed password for root from 218.92.0.198 port 52902 ssh2
May 12 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: Received disconnect from 218.92.0.198 port 52902:11:  [preauth]
May 12 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: Disconnected from 218.92.0.198 port 52902 [preauth]
May 12 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21575]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 12:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Failed password for root from 117.40.119.252 port 38168 ssh2
May 12 12:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Connection closed by 117.40.119.252 port 38168 [preauth]
May 12 12:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user p13x
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21689]: Successful su for rubyman by root
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21689]: + ??? root:rubyman
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378782 of user rubyman.
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21689]: pam_unix(su:session): session closed for user rubyman
May 12 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378782.
May 12 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: Failed password for root from 117.40.119.252 port 40988 ssh2
May 12 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: Connection closed by 117.40.119.252 port 40988 [preauth]
May 12 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18800]: pam_unix(cron:session): session closed for user root
May 12 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user samftp
May 12 12:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: Failed password for root from 117.40.119.252 port 42386 ssh2
May 12 12:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: Connection closed by 117.40.119.252 port 42386 [preauth]
May 12 12:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: Failed password for root from 117.40.119.252 port 44117 ssh2
May 12 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: Connection closed by 117.40.119.252 port 44117 [preauth]
May 12 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for root from 218.92.0.179 port 22908 ssh2
May 12 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for root from 218.92.0.179 port 22908 ssh2
May 12 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Failed password for root from 117.40.119.252 port 46002 ssh2
May 12 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Connection closed by 117.40.119.252 port 46002 [preauth]
May 12 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for root from 218.92.0.179 port 22908 ssh2
May 12 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Received disconnect from 218.92.0.179 port 22908:11:  [preauth]
May 12 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Disconnected from 218.92.0.179 port 22908 [preauth]
May 12 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Failed password for root from 117.40.119.252 port 49462 ssh2
May 12 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Connection closed by 117.40.119.252 port 49462 [preauth]
May 12 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Failed password for root from 117.40.119.252 port 51166 ssh2
May 12 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Connection closed by 117.40.119.252 port 51166 [preauth]
May 12 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Failed password for root from 117.40.119.252 port 54248 ssh2
May 12 12:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Connection closed by 117.40.119.252 port 54248 [preauth]
May 12 12:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20570]: pam_unix(cron:session): session closed for user root
May 12 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Failed password for root from 117.40.119.252 port 56933 ssh2
May 12 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Connection closed by 117.40.119.252 port 56933 [preauth]
May 12 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: Failed password for root from 117.40.119.252 port 58547 ssh2
May 12 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: Connection closed by 117.40.119.252 port 58547 [preauth]
May 12 12:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Failed password for root from 117.40.119.252 port 60137 ssh2
May 12 12:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Connection closed by 117.40.119.252 port 60137 [preauth]
May 12 12:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Failed password for root from 117.40.119.252 port 33842 ssh2
May 12 12:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Connection closed by 117.40.119.252 port 33842 [preauth]
May 12 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Failed password for root from 117.40.119.252 port 37886 ssh2
May 12 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Connection closed by 117.40.119.252 port 37886 [preauth]
May 12 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22381]: Failed password for root from 117.40.119.252 port 40463 ssh2
May 12 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22381]: Connection closed by 117.40.119.252 port 40463 [preauth]
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22386]: pam_unix(cron:session): session closed for user p13x
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: Successful su for rubyman by root
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: + ??? root:rubyman
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378785 of user rubyman.
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22479]: pam_unix(su:session): session closed for user rubyman
May 12 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378785.
May 12 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19239]: pam_unix(cron:session): session closed for user root
May 12 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Failed password for root from 117.40.119.252 port 42460 ssh2
May 12 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Connection closed by 117.40.119.252 port 42460 [preauth]
May 12 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22387]: pam_unix(cron:session): session closed for user samftp
May 12 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Failed password for root from 117.40.119.252 port 44816 ssh2
May 12 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Connection closed by 117.40.119.252 port 44816 [preauth]
May 12 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: Failed password for root from 206.172.46.162 port 53648 ssh2
May 12 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: Received disconnect from 206.172.46.162 port 53648:11: Bye Bye [preauth]
May 12 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: Disconnected from 206.172.46.162 port 53648 [preauth]
May 12 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: Failed password for root from 117.40.119.252 port 51659 ssh2
May 12 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: Connection closed by 117.40.119.252 port 51659 [preauth]
May 12 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Failed password for root from 117.40.119.252 port 53133 ssh2
May 12 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Connection closed by 117.40.119.252 port 53133 [preauth]
May 12 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Failed password for root from 117.40.119.252 port 55233 ssh2
May 12 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Connection closed by 117.40.119.252 port 55233 [preauth]
May 12 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Failed password for root from 117.40.119.252 port 56843 ssh2
May 12 12:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Connection closed by 117.40.119.252 port 56843 [preauth]
May 12 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21114]: pam_unix(cron:session): session closed for user root
May 12 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for root from 218.92.0.179 port 50478 ssh2
May 12 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Failed password for root from 117.40.119.252 port 60969 ssh2
May 12 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for root from 218.92.0.179 port 50478 ssh2
May 12 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Connection closed by 117.40.119.252 port 60969 [preauth]
May 12 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for root from 218.92.0.179 port 50478 ssh2
May 12 12:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Received disconnect from 218.92.0.179 port 50478:11:  [preauth]
May 12 12:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Disconnected from 218.92.0.179 port 50478 [preauth]
May 12 12:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Failed password for root from 117.40.119.252 port 34758 ssh2
May 12 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Connection closed by 117.40.119.252 port 34758 [preauth]
May 12 12:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Failed password for root from 117.40.119.252 port 36386 ssh2
May 12 12:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Connection closed by 117.40.119.252 port 36386 [preauth]
May 12 12:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Invalid user newuser from 156.251.24.166
May 12 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: input_userauth_request: invalid user newuser [preauth]
May 12 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Failed password for root from 117.40.119.252 port 39957 ssh2
May 12 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Connection closed by 117.40.119.252 port 39957 [preauth]
May 12 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Failed password for invalid user newuser from 156.251.24.166 port 33916 ssh2
May 12 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Received disconnect from 156.251.24.166 port 33916:11: Bye Bye [preauth]
May 12 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Disconnected from 156.251.24.166 port 33916 [preauth]
May 12 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Failed password for root from 117.40.119.252 port 42034 ssh2
May 12 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Connection closed by 117.40.119.252 port 42034 [preauth]
May 12 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: Failed password for root from 117.40.119.252 port 44375 ssh2
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user p13x
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: Connection closed by 117.40.119.252 port 44375 [preauth]
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22993]: Successful su for rubyman by root
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22993]: + ??? root:rubyman
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378789 of user rubyman.
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22993]: pam_unix(su:session): session closed for user rubyman
May 12 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378789.
May 12 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19690]: pam_unix(cron:session): session closed for user root
May 12 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Invalid user zhangyulan from 50.235.31.47
May 12 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: input_userauth_request: invalid user zhangyulan [preauth]
May 12 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 12:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session closed for user samftp
May 12 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Failed password for root from 117.40.119.252 port 45778 ssh2
May 12 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for invalid user zhangyulan from 50.235.31.47 port 33718 ssh2
May 12 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Connection closed by 117.40.119.252 port 45778 [preauth]
May 12 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Connection closed by 50.235.31.47 port 33718 [preauth]
May 12 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Failed password for root from 117.40.119.252 port 48922 ssh2
May 12 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Connection closed by 117.40.119.252 port 48922 [preauth]
May 12 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: Failed password for root from 117.40.119.252 port 50645 ssh2
May 12 12:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: Connection closed by 117.40.119.252 port 50645 [preauth]
May 12 12:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: Failed password for root from 117.40.119.252 port 51879 ssh2
May 12 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: Connection closed by 117.40.119.252 port 51879 [preauth]
May 12 12:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Failed password for root from 117.40.119.252 port 53568 ssh2
May 12 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Connection closed by 117.40.119.252 port 53568 [preauth]
May 12 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Failed password for root from 117.40.119.252 port 55541 ssh2
May 12 12:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Connection closed by 117.40.119.252 port 55541 [preauth]
May 12 12:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Failed password for root from 117.40.119.252 port 57064 ssh2
May 12 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Connection closed by 117.40.119.252 port 57064 [preauth]
May 12 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: Failed password for root from 117.40.119.252 port 58726 ssh2
May 12 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: Connection closed by 117.40.119.252 port 58726 [preauth]
May 12 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session closed for user root
May 12 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: Failed password for root from 117.40.119.252 port 60408 ssh2
May 12 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: Connection closed by 117.40.119.252 port 60408 [preauth]
May 12 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Failed password for root from 117.40.119.252 port 34010 ssh2
May 12 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Connection closed by 117.40.119.252 port 34010 [preauth]
May 12 12:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for root from 117.40.119.252 port 40538 ssh2
May 12 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 117.40.119.252 port 40538 [preauth]
May 12 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: Failed password for root from 117.40.119.252 port 43818 ssh2
May 12 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: Connection closed by 117.40.119.252 port 43818 [preauth]
May 12 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Invalid user daniel from 80.94.95.125
May 12 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: input_userauth_request: invalid user daniel [preauth]
May 12 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23467]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23464]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23465]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23468]: pam_unix(cron:session): session closed for user root
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session closed for user p13x
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23531]: Successful su for rubyman by root
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23531]: + ??? root:rubyman
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378793 of user rubyman.
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23531]: pam_unix(su:session): session closed for user rubyman
May 12 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378793.
May 12 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Failed password for invalid user daniel from 80.94.95.125 port 26622 ssh2
May 12 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Received disconnect from 80.94.95.125 port 26622:11: Bye [preauth]
May 12 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Disconnected from 80.94.95.125 port 26622 [preauth]
May 12 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Failed password for root from 117.40.119.252 port 45658 ssh2
May 12 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Connection closed by 117.40.119.252 port 45658 [preauth]
May 12 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23464]: pam_unix(cron:session): session closed for user root
May 12 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20130]: pam_unix(cron:session): session closed for user root
May 12 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: Failed password for root from 117.40.119.252 port 47071 ssh2
May 12 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: Connection closed by 117.40.119.252 port 47071 [preauth]
May 12 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session closed for user samftp
May 12 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23755]: Failed password for root from 117.40.119.252 port 51036 ssh2
May 12 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23755]: Connection closed by 117.40.119.252 port 51036 [preauth]
May 12 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Failed password for root from 117.40.119.252 port 52786 ssh2
May 12 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Connection closed by 117.40.119.252 port 52786 [preauth]
May 12 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Failed password for root from 117.40.119.252 port 55747 ssh2
May 12 12:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Connection closed by 117.40.119.252 port 55747 [preauth]
May 12 12:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for root from 117.40.119.252 port 58784 ssh2
May 12 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Connection closed by 117.40.119.252 port 58784 [preauth]
May 12 12:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user root
May 12 12:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Failed password for root from 117.40.119.252 port 60897 ssh2
May 12 12:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Connection closed by 117.40.119.252 port 60897 [preauth]
May 12 12:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Failed password for root from 117.40.119.252 port 34770 ssh2
May 12 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Connection closed by 117.40.119.252 port 34770 [preauth]
May 12 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23969]: Failed password for root from 117.40.119.252 port 36174 ssh2
May 12 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23969]: Connection closed by 117.40.119.252 port 36174 [preauth]
May 12 12:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: Failed password for root from 117.40.119.252 port 37877 ssh2
May 12 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: Connection closed by 117.40.119.252 port 37877 [preauth]
May 12 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Failed password for root from 117.40.119.252 port 41266 ssh2
May 12 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Connection closed by 117.40.119.252 port 41266 [preauth]
May 12 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: Failed password for root from 117.40.119.252 port 44592 ssh2
May 12 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: Connection closed by 117.40.119.252 port 44592 [preauth]
May 12 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24046]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24042]: pam_unix(cron:session): session closed for user p13x
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24111]: Successful su for rubyman by root
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24111]: + ??? root:rubyman
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378800 of user rubyman.
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24111]: pam_unix(su:session): session closed for user rubyman
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378800.
May 12 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Failed password for root from 117.40.119.252 port 45979 ssh2
May 12 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Connection closed by 117.40.119.252 port 45979 [preauth]
May 12 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20569]: pam_unix(cron:session): session closed for user root
May 12 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24043]: pam_unix(cron:session): session closed for user samftp
May 12 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: Failed password for root from 117.40.119.252 port 49101 ssh2
May 12 12:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: Connection closed by 117.40.119.252 port 49101 [preauth]
May 12 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Failed password for root from 117.40.119.252 port 51995 ssh2
May 12 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Connection closed by 117.40.119.252 port 51995 [preauth]
May 12 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24357]: Failed password for root from 117.40.119.252 port 54056 ssh2
May 12 12:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24357]: Connection closed by 117.40.119.252 port 54056 [preauth]
May 12 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24359]: Failed password for root from 117.40.119.252 port 55738 ssh2
May 12 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24359]: Connection closed by 117.40.119.252 port 55738 [preauth]
May 12 12:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Failed password for root from 117.40.119.252 port 57711 ssh2
May 12 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Connection closed by 117.40.119.252 port 57711 [preauth]
May 12 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Failed password for root from 117.40.119.252 port 59758 ssh2
May 12 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Connection closed by 117.40.119.252 port 59758 [preauth]
May 12 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24397]: Failed password for root from 117.40.119.252 port 33120 ssh2
May 12 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24397]: Connection closed by 117.40.119.252 port 33120 [preauth]
May 12 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22901]: pam_unix(cron:session): session closed for user root
May 12 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Failed password for root from 117.40.119.252 port 39344 ssh2
May 12 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Connection closed by 117.40.119.252 port 39344 [preauth]
May 12 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24474]: Failed password for root from 117.40.119.252 port 41022 ssh2
May 12 12:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24474]: Connection closed by 117.40.119.252 port 41022 [preauth]
May 12 12:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24486]: Failed password for root from 117.40.119.252 port 42663 ssh2
May 12 12:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24486]: Connection closed by 117.40.119.252 port 42663 [preauth]
May 12 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Invalid user zyx from 193.32.162.157
May 12 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: input_userauth_request: invalid user zyx [preauth]
May 12 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Failed password for root from 117.40.119.252 port 44322 ssh2
May 12 12:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Connection closed by 117.40.119.252 port 44322 [preauth]
May 12 12:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Failed password for invalid user zyx from 193.32.162.157 port 31078 ssh2
May 12 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24512]: pam_unix(cron:session): session closed for user p13x
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24581]: Successful su for rubyman by root
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24581]: + ??? root:rubyman
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378804 of user rubyman.
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24581]: pam_unix(su:session): session closed for user rubyman
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378804.
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Connection closed by 193.32.162.157 port 31078 [preauth]
May 12 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Failed password for root from 117.40.119.252 port 47377 ssh2
May 12 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Connection closed by 117.40.119.252 port 47377 [preauth]
May 12 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session closed for user root
May 12 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session closed for user samftp
May 12 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Failed password for root from 117.40.119.252 port 51832 ssh2
May 12 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Connection closed by 117.40.119.252 port 51832 [preauth]
May 12 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: Failed password for root from 117.40.119.252 port 55716 ssh2
May 12 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Invalid user aaaa from 193.32.162.157
May 12 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: input_userauth_request: invalid user aaaa [preauth]
May 12 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: Connection closed by 117.40.119.252 port 55716 [preauth]
May 12 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Failed password for invalid user aaaa from 193.32.162.157 port 45740 ssh2
May 12 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Failed password for root from 117.40.119.252 port 57677 ssh2
May 12 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Connection closed by 117.40.119.252 port 57677 [preauth]
May 12 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Connection closed by 193.32.162.157 port 45740 [preauth]
May 12 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Failed password for root from 117.40.119.252 port 59045 ssh2
May 12 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Connection closed by 117.40.119.252 port 59045 [preauth]
May 12 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Failed password for root from 117.40.119.252 port 32934 ssh2
May 12 12:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Connection closed by 117.40.119.252 port 32934 [preauth]
May 12 12:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23467]: pam_unix(cron:session): session closed for user root
May 12 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Failed password for root from 117.40.119.252 port 34342 ssh2
May 12 12:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Connection closed by 117.40.119.252 port 34342 [preauth]
May 12 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Invalid user adam from 193.32.162.157
May 12 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: input_userauth_request: invalid user adam [preauth]
May 12 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 12:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Failed password for invalid user adam from 193.32.162.157 port 25226 ssh2
May 12 12:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Connection closed by 193.32.162.157 port 25226 [preauth]
May 12 12:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: Failed password for root from 117.40.119.252 port 42492 ssh2
May 12 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: Connection closed by 117.40.119.252 port 42492 [preauth]
May 12 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Failed password for root from 117.40.119.252 port 44648 ssh2
May 12 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Connection closed by 117.40.119.252 port 44648 [preauth]
May 12 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for root from 117.40.119.252 port 46010 ssh2
May 12 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Connection closed by 117.40.119.252 port 46010 [preauth]
May 12 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Invalid user zn from 193.32.162.157
May 12 12:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: input_userauth_request: invalid user zn [preauth]
May 12 12:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24959]: Failed password for root from 117.40.119.252 port 47445 ssh2
May 12 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24959]: Connection closed by 117.40.119.252 port 47445 [preauth]
May 12 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session closed for user p13x
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Failed password for invalid user zn from 193.32.162.157 port 53936 ssh2
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25036]: Successful su for rubyman by root
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25036]: + ??? root:rubyman
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378808 of user rubyman.
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25036]: pam_unix(su:session): session closed for user rubyman
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378808.
May 12 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24961]: Failed password for root from 117.40.119.252 port 49026 ssh2
May 12 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Connection closed by 193.32.162.157 port 53936 [preauth]
May 12 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24961]: Connection closed by 117.40.119.252 port 49026 [preauth]
May 12 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session closed for user root
May 12 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session closed for user samftp
May 12 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Failed password for root from 117.40.119.252 port 50783 ssh2
May 12 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Connection closed by 117.40.119.252 port 50783 [preauth]
May 12 12:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25224]: Failed password for root from 117.40.119.252 port 52406 ssh2
May 12 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25224]: Connection closed by 117.40.119.252 port 52406 [preauth]
May 12 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: Failed password for root from 117.40.119.252 port 54341 ssh2
May 12 12:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: Connection closed by 117.40.119.252 port 54341 [preauth]
May 12 12:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Invalid user 1234567890 from 193.32.162.157
May 12 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: input_userauth_request: invalid user 1234567890 [preauth]
May 12 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Failed password for root from 117.40.119.252 port 55990 ssh2
May 12 12:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Connection closed by 117.40.119.252 port 55990 [preauth]
May 12 12:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Failed password for invalid user 1234567890 from 193.32.162.157 port 12186 ssh2
May 12 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: Failed password for root from 117.40.119.252 port 58325 ssh2
May 12 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: Connection closed by 117.40.119.252 port 58325 [preauth]
May 12 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Connection closed by 193.32.162.157 port 12186 [preauth]
May 12 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Failed password for root from 117.40.119.252 port 59871 ssh2
May 12 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Connection closed by 117.40.119.252 port 59871 [preauth]
May 12 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Failed password for root from 117.40.119.252 port 33312 ssh2
May 12 12:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Connection closed by 117.40.119.252 port 33312 [preauth]
May 12 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: Failed password for root from 117.40.119.252 port 34842 ssh2
May 12 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: Connection closed by 117.40.119.252 port 34842 [preauth]
May 12 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24046]: pam_unix(cron:session): session closed for user root
May 12 12:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: Failed password for root from 117.40.119.252 port 36589 ssh2
May 12 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: Connection closed by 117.40.119.252 port 36589 [preauth]
May 12 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: Failed password for root from 117.40.119.252 port 38158 ssh2
May 12 12:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: Connection closed by 117.40.119.252 port 38158 [preauth]
May 12 12:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Failed password for root from 117.40.119.252 port 39785 ssh2
May 12 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Connection closed by 117.40.119.252 port 39785 [preauth]
May 12 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Failed password for root from 117.40.119.252 port 41199 ssh2
May 12 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Connection closed by 117.40.119.252 port 41199 [preauth]
May 12 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25384]: Failed password for root from 117.40.119.252 port 42719 ssh2
May 12 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25384]: Connection closed by 117.40.119.252 port 42719 [preauth]
May 12 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Failed password for root from 117.40.119.252 port 44862 ssh2
May 12 12:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Connection closed by 117.40.119.252 port 44862 [preauth]
May 12 12:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Failed password for root from 117.40.119.252 port 46232 ssh2
May 12 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Connection closed by 117.40.119.252 port 46232 [preauth]
May 12 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Failed password for root from 117.40.119.252 port 47800 ssh2
May 12 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Connection closed by 117.40.119.252 port 47800 [preauth]
May 12 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Failed password for root from 117.40.119.252 port 49160 ssh2
May 12 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Connection closed by 117.40.119.252 port 49160 [preauth]
May 12 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Failed password for root from 117.40.119.252 port 50672 ssh2
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session closed for user p13x
May 12 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Connection closed by 117.40.119.252 port 50672 [preauth]
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25557]: Successful su for rubyman by root
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25557]: + ??? root:rubyman
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378812 of user rubyman.
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25557]: pam_unix(su:session): session closed for user rubyman
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378812.
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session closed for user root
May 12 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session closed for user root
May 12 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: Failed password for root from 117.40.119.252 port 52304 ssh2
May 12 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: Connection closed by 117.40.119.252 port 52304 [preauth]
May 12 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session closed for user samftp
May 12 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: Failed password for root from 117.40.119.252 port 53921 ssh2
May 12 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: Connection closed by 117.40.119.252 port 53921 [preauth]
May 12 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Failed password for root from 117.40.119.252 port 55416 ssh2
May 12 12:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Connection closed by 117.40.119.252 port 55416 [preauth]
May 12 12:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Failed password for root from 117.40.119.252 port 57056 ssh2
May 12 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Connection closed by 117.40.119.252 port 57056 [preauth]
May 12 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Failed password for root from 117.40.119.252 port 58118 ssh2
May 12 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Connection closed by 117.40.119.252 port 58118 [preauth]
May 12 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25883]: Failed password for root from 117.40.119.252 port 60151 ssh2
May 12 12:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25883]: Connection closed by 117.40.119.252 port 60151 [preauth]
May 12 12:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: Failed password for root from 117.40.119.252 port 33954 ssh2
May 12 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: Connection closed by 117.40.119.252 port 33954 [preauth]
May 12 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25927]: Failed password for root from 117.40.119.252 port 36981 ssh2
May 12 12:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25927]: Connection closed by 117.40.119.252 port 36981 [preauth]
May 12 12:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session closed for user root
May 12 12:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Failed password for root from 117.40.119.252 port 38650 ssh2
May 12 12:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Connection closed by 117.40.119.252 port 38650 [preauth]
May 12 12:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Failed password for root from 117.40.119.252 port 40317 ssh2
May 12 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Connection closed by 117.40.119.252 port 40317 [preauth]
May 12 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Failed password for root from 117.40.119.252 port 41700 ssh2
May 12 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Connection closed by 117.40.119.252 port 41700 [preauth]
May 12 12:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: Failed password for root from 117.40.119.252 port 43190 ssh2
May 12 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: Connection closed by 117.40.119.252 port 43190 [preauth]
May 12 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Failed password for root from 117.40.119.252 port 44961 ssh2
May 12 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Connection closed by 117.40.119.252 port 44961 [preauth]
May 12 12:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Failed password for root from 117.40.119.252 port 51514 ssh2
May 12 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Connection closed by 117.40.119.252 port 51514 [preauth]
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session closed for user root
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session closed for user p13x
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: Successful su for rubyman by root
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: + ??? root:rubyman
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378816 of user rubyman.
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: pam_unix(su:session): session closed for user rubyman
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378816.
May 12 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Failed password for root from 117.40.119.252 port 53000 ssh2
May 12 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Connection closed by 117.40.119.252 port 53000 [preauth]
May 12 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26042]: pam_unix(cron:session): session closed for user root
May 12 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session closed for user root
May 12 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26041]: pam_unix(cron:session): session closed for user samftp
May 12 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Failed password for root from 117.40.119.252 port 54570 ssh2
May 12 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Connection closed by 117.40.119.252 port 54570 [preauth]
May 12 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: Failed password for root from 117.40.119.252 port 56087 ssh2
May 12 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: Connection closed by 117.40.119.252 port 56087 [preauth]
May 12 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Failed password for root from 117.40.119.252 port 58189 ssh2
May 12 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Connection closed by 117.40.119.252 port 58189 [preauth]
May 12 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May 12 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Failed password for root from 218.92.0.221 port 41768 ssh2
May 12 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: Failed password for root from 117.40.119.252 port 59650 ssh2
May 12 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: Connection closed by 117.40.119.252 port 59650 [preauth]
May 12 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Failed password for root from 218.92.0.221 port 41768 ssh2
May 12 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Failed password for root from 117.40.119.252 port 33049 ssh2
May 12 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Failed password for root from 218.92.0.221 port 41768 ssh2
May 12 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Connection closed by 117.40.119.252 port 33049 [preauth]
May 12 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Received disconnect from 218.92.0.221 port 41768:11:  [preauth]
May 12 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Disconnected from 218.92.0.221 port 41768 [preauth]
May 12 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May 12 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for root from 117.40.119.252 port 34557 ssh2
May 12 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Connection closed by 117.40.119.252 port 34557 [preauth]
May 12 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for root from 117.40.119.252 port 35827 ssh2
May 12 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Connection closed by 117.40.119.252 port 35827 [preauth]
May 12 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26409]: Failed password for root from 117.40.119.252 port 37209 ssh2
May 12 12:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26409]: Connection closed by 117.40.119.252 port 37209 [preauth]
May 12 12:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session closed for user root
May 12 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Failed password for root from 117.40.119.252 port 39149 ssh2
May 12 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Connection closed by 117.40.119.252 port 39149 [preauth]
May 12 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Failed password for root from 117.40.119.252 port 40673 ssh2
May 12 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Connection closed by 117.40.119.252 port 40673 [preauth]
May 12 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Failed password for root from 117.40.119.252 port 42321 ssh2
May 12 12:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Connection closed by 117.40.119.252 port 42321 [preauth]
May 12 12:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for root from 117.40.119.252 port 43921 ssh2
May 12 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Connection closed by 117.40.119.252 port 43921 [preauth]
May 12 12:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Invalid user autobuild from 156.251.24.166
May 12 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: input_userauth_request: invalid user autobuild [preauth]
May 12 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user autobuild from 156.251.24.166 port 41886 ssh2
May 12 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Received disconnect from 156.251.24.166 port 41886:11: Bye Bye [preauth]
May 12 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Disconnected from 156.251.24.166 port 41886 [preauth]
May 12 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for root from 117.40.119.252 port 47894 ssh2
May 12 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Connection closed by 117.40.119.252 port 47894 [preauth]
May 12 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: Failed password for root from 117.40.119.252 port 51228 ssh2
May 12 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: Connection closed by 117.40.119.252 port 51228 [preauth]
May 12 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26600]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26598]: pam_unix(cron:session): session closed for user p13x
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: Successful su for rubyman by root
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: + ??? root:rubyman
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378823 of user rubyman.
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: pam_unix(su:session): session closed for user rubyman
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378823.
May 12 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Failed password for root from 117.40.119.252 port 52957 ssh2
May 12 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Connection closed by 117.40.119.252 port 52957 [preauth]
May 12 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23465]: pam_unix(cron:session): session closed for user root
May 12 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26599]: pam_unix(cron:session): session closed for user samftp
May 12 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Failed password for root from 206.172.46.162 port 48015 ssh2
May 12 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Received disconnect from 206.172.46.162 port 48015:11: Bye Bye [preauth]
May 12 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Disconnected from 206.172.46.162 port 48015 [preauth]
May 12 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Failed password for root from 117.40.119.252 port 57117 ssh2
May 12 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Connection closed by 117.40.119.252 port 57117 [preauth]
May 12 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26909]: Failed password for root from 117.40.119.252 port 58886 ssh2
May 12 12:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26909]: Connection closed by 117.40.119.252 port 58886 [preauth]
May 12 12:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26954]: Failed password for root from 117.40.119.252 port 60221 ssh2
May 12 12:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26954]: Connection closed by 117.40.119.252 port 60221 [preauth]
May 12 12:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Failed password for root from 117.40.119.252 port 33577 ssh2
May 12 12:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Connection closed by 117.40.119.252 port 33577 [preauth]
May 12 12:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Failed password for root from 117.40.119.252 port 35057 ssh2
May 12 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Connection closed by 117.40.119.252 port 35057 [preauth]
May 12 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Failed password for root from 117.40.119.252 port 36793 ssh2
May 12 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Connection closed by 117.40.119.252 port 36793 [preauth]
May 12 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session closed for user root
May 12 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Failed password for root from 117.40.119.252 port 40835 ssh2
May 12 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Connection closed by 117.40.119.252 port 40835 [preauth]
May 12 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for root from 117.40.119.252 port 42513 ssh2
May 12 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Connection closed by 117.40.119.252 port 42513 [preauth]
May 12 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Failed password for root from 117.40.119.252 port 44106 ssh2
May 12 12:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Connection closed by 117.40.119.252 port 44106 [preauth]
May 12 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Failed password for root from 117.40.119.252 port 45682 ssh2
May 12 12:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Connection closed by 117.40.119.252 port 45682 [preauth]
May 12 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Failed password for root from 117.40.119.252 port 51557 ssh2
May 12 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Connection closed by 117.40.119.252 port 51557 [preauth]
May 12 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27150]: pam_unix(cron:session): session closed for user p13x
May 12 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: Successful su for rubyman by root
May 12 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: + ??? root:rubyman
May 12 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378827 of user rubyman.
May 12 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: pam_unix(su:session): session closed for user rubyman
May 12 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378827.
May 12 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24044]: pam_unix(cron:session): session closed for user root
May 12 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27152]: pam_unix(cron:session): session closed for user samftp
May 12 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Failed password for root from 117.40.119.252 port 55389 ssh2
May 12 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Connection closed by 117.40.119.252 port 55389 [preauth]
May 12 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: Failed password for root from 117.40.119.252 port 57575 ssh2
May 12 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: Connection closed by 117.40.119.252 port 57575 [preauth]
May 12 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Failed password for root from 117.40.119.252 port 59350 ssh2
May 12 12:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Connection closed by 117.40.119.252 port 59350 [preauth]
May 12 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: Failed password for root from 117.40.119.252 port 60983 ssh2
May 12 12:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: Connection closed by 117.40.119.252 port 60983 [preauth]
May 12 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: Failed password for root from 117.40.119.252 port 34556 ssh2
May 12 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: Connection closed by 117.40.119.252 port 34556 [preauth]
May 12 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: Failed password for root from 117.40.119.252 port 36646 ssh2
May 12 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: Connection closed by 117.40.119.252 port 36646 [preauth]
May 12 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: Failed password for root from 117.40.119.252 port 39391 ssh2
May 12 12:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: Connection closed by 117.40.119.252 port 39391 [preauth]
May 12 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user root
May 12 12:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: Failed password for root from 117.40.119.252 port 41287 ssh2
May 12 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: Connection closed by 117.40.119.252 port 41287 [preauth]
May 12 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Failed password for root from 117.40.119.252 port 43623 ssh2
May 12 12:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Connection closed by 117.40.119.252 port 43623 [preauth]
May 12 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Failed password for root from 117.40.119.252 port 47723 ssh2
May 12 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Connection closed by 117.40.119.252 port 47723 [preauth]
May 12 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: Failed password for root from 117.40.119.252 port 49559 ssh2
May 12 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: Connection closed by 117.40.119.252 port 49559 [preauth]
May 12 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27672]: Failed password for root from 117.40.119.252 port 51013 ssh2
May 12 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27672]: Connection closed by 117.40.119.252 port 51013 [preauth]
May 12 12:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27698]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session closed for user p13x
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: Successful su for rubyman by root
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: + ??? root:rubyman
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378831 of user rubyman.
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: pam_unix(su:session): session closed for user rubyman
May 12 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378831.
May 12 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Failed password for root from 117.40.119.252 port 52787 ssh2
May 12 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Connection closed by 117.40.119.252 port 52787 [preauth]
May 12 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session closed for user root
May 12 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27696]: pam_unix(cron:session): session closed for user samftp
May 12 12:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Failed password for root from 117.40.119.252 port 55146 ssh2
May 12 12:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Connection closed by 117.40.119.252 port 55146 [preauth]
May 12 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Failed password for root from 117.40.119.252 port 57458 ssh2
May 12 12:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Connection closed by 117.40.119.252 port 57458 [preauth]
May 12 12:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Failed password for root from 117.40.119.252 port 59547 ssh2
May 12 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Connection closed by 117.40.119.252 port 59547 [preauth]
May 12 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: Failed password for root from 117.40.119.252 port 35185 ssh2
May 12 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: Connection closed by 117.40.119.252 port 35185 [preauth]
May 12 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28050]: Failed password for root from 117.40.119.252 port 38380 ssh2
May 12 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28050]: Connection closed by 117.40.119.252 port 38380 [preauth]
May 12 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session closed for user root
May 12 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Failed password for root from 117.40.119.252 port 40469 ssh2
May 12 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Connection closed by 117.40.119.252 port 40469 [preauth]
May 12 12:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Failed password for root from 117.40.119.252 port 45788 ssh2
May 12 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Connection closed by 117.40.119.252 port 45788 [preauth]
May 12 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Failed password for root from 117.40.119.252 port 47154 ssh2
May 12 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Connection closed by 117.40.119.252 port 47154 [preauth]
May 12 12:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Failed password for root from 117.40.119.252 port 49245 ssh2
May 12 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Connection closed by 117.40.119.252 port 49245 [preauth]
May 12 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Failed password for root from 117.40.119.252 port 50929 ssh2
May 12 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Connection closed by 117.40.119.252 port 50929 [preauth]
May 12 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Failed password for root from 117.40.119.252 port 52380 ssh2
May 12 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Connection closed by 117.40.119.252 port 52380 [preauth]
May 12 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28157]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session closed for user p13x
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: Successful su for rubyman by root
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: + ??? root:rubyman
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378834 of user rubyman.
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: pam_unix(su:session): session closed for user rubyman
May 12 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378834.
May 12 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: Failed password for root from 117.40.119.252 port 53990 ssh2
May 12 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: Connection closed by 117.40.119.252 port 53990 [preauth]
May 12 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user root
May 12 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user samftp
May 12 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Failed password for root from 117.40.119.252 port 56896 ssh2
May 12 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Connection closed by 117.40.119.252 port 56896 [preauth]
May 12 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28422]: Failed password for root from 117.40.119.252 port 58265 ssh2
May 12 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28422]: Connection closed by 117.40.119.252 port 58265 [preauth]
May 12 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28426]: Failed password for root from 117.40.119.252 port 33358 ssh2
May 12 12:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28426]: Connection closed by 117.40.119.252 port 33358 [preauth]
May 12 12:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: Failed password for root from 117.40.119.252 port 34940 ssh2
May 12 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: Connection closed by 117.40.119.252 port 34940 [preauth]
May 12 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Failed password for root from 218.92.0.233 port 45056 ssh2
May 12 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Failed password for root from 117.40.119.252 port 36526 ssh2
May 12 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Connection closed by 117.40.119.252 port 36526 [preauth]
May 12 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Failed password for root from 218.92.0.233 port 45056 ssh2
May 12 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Failed password for root from 218.92.0.233 port 45056 ssh2
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Received disconnect from 218.92.0.233 port 45056:11:  [preauth]
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Disconnected from 218.92.0.233 port 45056 [preauth]
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: Failed password for root from 117.40.119.252 port 38342 ssh2
May 12 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: Connection closed by 117.40.119.252 port 38342 [preauth]
May 12 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Failed password for root from 218.92.0.233 port 40882 ssh2
May 12 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Failed password for root from 117.40.119.252 port 39898 ssh2
May 12 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Connection closed by 117.40.119.252 port 39898 [preauth]
May 12 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Failed password for root from 218.92.0.179 port 40546 ssh2
May 12 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Failed password for root from 218.92.0.233 port 40882 ssh2
May 12 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Failed password for root from 218.92.0.233 port 40882 ssh2
May 12 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Failed password for root from 218.92.0.179 port 40546 ssh2
May 12 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Received disconnect from 218.92.0.233 port 40882:11:  [preauth]
May 12 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Disconnected from 218.92.0.233 port 40882 [preauth]
May 12 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Failed password for root from 218.92.0.179 port 40546 ssh2
May 12 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Received disconnect from 218.92.0.179 port 40546:11:  [preauth]
May 12 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Disconnected from 218.92.0.179 port 40546 [preauth]
May 12 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session closed for user root
May 12 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: Failed password for root from 218.92.0.233 port 42480 ssh2
May 12 12:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28530]: Failed password for root from 117.40.119.252 port 43940 ssh2
May 12 12:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28530]: Connection closed by 117.40.119.252 port 43940 [preauth]
May 12 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: Failed password for root from 218.92.0.233 port 42480 ssh2
May 12 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: Failed password for root from 218.92.0.233 port 42480 ssh2
May 12 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: Received disconnect from 218.92.0.233 port 42480:11:  [preauth]
May 12 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: Disconnected from 218.92.0.233 port 42480 [preauth]
May 12 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28511]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28544]: Failed password for root from 117.40.119.252 port 45304 ssh2
May 12 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28544]: Connection closed by 117.40.119.252 port 45304 [preauth]
May 12 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Failed password for root from 117.40.119.252 port 47004 ssh2
May 12 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Connection closed by 117.40.119.252 port 47004 [preauth]
May 12 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: Failed password for root from 117.40.119.252 port 48374 ssh2
May 12 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: Connection closed by 117.40.119.252 port 48374 [preauth]
May 12 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for root from 117.40.119.252 port 50565 ssh2
May 12 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Connection closed by 117.40.119.252 port 50565 [preauth]
May 12 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: Failed password for root from 117.40.119.252 port 54628 ssh2
May 12 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: Connection closed by 117.40.119.252 port 54628 [preauth]
May 12 12:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28610]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28609]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28611]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28611]: pam_unix(cron:session): session closed for user root
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28606]: pam_unix(cron:session): session closed for user p13x
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28674]: Successful su for rubyman by root
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28674]: + ??? root:rubyman
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378839 of user rubyman.
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28674]: pam_unix(su:session): session closed for user rubyman
May 12 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378839.
May 12 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28602]: Failed password for root from 117.40.119.252 port 56159 ssh2
May 12 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28602]: Connection closed by 117.40.119.252 port 56159 [preauth]
May 12 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28608]: pam_unix(cron:session): session closed for user root
May 12 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session closed for user root
May 12 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28721]: Failed password for root from 117.40.119.252 port 58079 ssh2
May 12 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28721]: Connection closed by 117.40.119.252 port 58079 [preauth]
May 12 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28607]: pam_unix(cron:session): session closed for user samftp
May 12 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: Failed password for root from 117.40.119.252 port 33949 ssh2
May 12 12:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: Connection closed by 117.40.119.252 port 33949 [preauth]
May 12 12:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28926]: Failed password for root from 117.40.119.252 port 35899 ssh2
May 12 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28926]: Connection closed by 117.40.119.252 port 35899 [preauth]
May 12 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Failed password for root from 117.40.119.252 port 37380 ssh2
May 12 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Connection closed by 117.40.119.252 port 37380 [preauth]
May 12 12:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for root from 117.40.119.252 port 38798 ssh2
May 12 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Connection closed by 117.40.119.252 port 38798 [preauth]
May 12 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28964]: Failed password for root from 117.40.119.252 port 41785 ssh2
May 12 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28964]: Connection closed by 117.40.119.252 port 41785 [preauth]
May 12 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Failed password for root from 117.40.119.252 port 43445 ssh2
May 12 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Connection closed by 117.40.119.252 port 43445 [preauth]
May 12 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27698]: pam_unix(cron:session): session closed for user root
May 12 12:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: Failed password for root from 117.40.119.252 port 45040 ssh2
May 12 12:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: Connection closed by 117.40.119.252 port 45040 [preauth]
May 12 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: Failed password for root from 117.40.119.252 port 46448 ssh2
May 12 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: Connection closed by 117.40.119.252 port 46448 [preauth]
May 12 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Invalid user rizki from 206.172.46.162
May 12 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: input_userauth_request: invalid user rizki [preauth]
May 12 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Failed password for invalid user rizki from 206.172.46.162 port 41940 ssh2
May 12 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Received disconnect from 206.172.46.162 port 41940:11: Bye Bye [preauth]
May 12 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Disconnected from 206.172.46.162 port 41940 [preauth]
May 12 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Failed password for root from 117.40.119.252 port 48306 ssh2
May 12 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Connection closed by 117.40.119.252 port 48306 [preauth]
May 12 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Failed password for root from 117.40.119.252 port 49842 ssh2
May 12 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Connection closed by 117.40.119.252 port 49842 [preauth]
May 12 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Failed password for root from 117.40.119.252 port 51288 ssh2
May 12 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Connection closed by 117.40.119.252 port 51288 [preauth]
May 12 12:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Failed password for root from 117.40.119.252 port 52879 ssh2
May 12 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Connection closed by 117.40.119.252 port 52879 [preauth]
May 12 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for root from 117.40.119.252 port 54563 ssh2
May 12 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 117.40.119.252 port 54563 [preauth]
May 12 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Failed password for root from 117.40.119.252 port 56007 ssh2
May 12 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Connection closed by 117.40.119.252 port 56007 [preauth]
May 12 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Failed password for root from 117.40.119.252 port 57503 ssh2
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Connection closed by 117.40.119.252 port 57503 [preauth]
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session closed for user p13x
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29253]: Successful su for rubyman by root
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29253]: + ??? root:rubyman
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378845 of user rubyman.
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29253]: pam_unix(su:session): session closed for user rubyman
May 12 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378845.
May 12 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: Failed password for root from 117.40.119.252 port 58919 ssh2
May 12 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: Connection closed by 117.40.119.252 port 58919 [preauth]
May 12 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session closed for user root
May 12 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session closed for user samftp
May 12 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Failed password for root from 117.40.119.252 port 60683 ssh2
May 12 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Connection closed by 117.40.119.252 port 60683 [preauth]
May 12 12:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Failed password for root from 117.40.119.252 port 34609 ssh2
May 12 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Connection closed by 117.40.119.252 port 34609 [preauth]
May 12 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29452]: Failed password for root from 117.40.119.252 port 36201 ssh2
May 12 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29452]: Connection closed by 117.40.119.252 port 36201 [preauth]
May 12 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29475]: Failed password for root from 117.40.119.252 port 37939 ssh2
May 12 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29475]: Connection closed by 117.40.119.252 port 37939 [preauth]
May 12 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Failed password for root from 117.40.119.252 port 39700 ssh2
May 12 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Connection closed by 117.40.119.252 port 39700 [preauth]
May 12 12:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Failed password for root from 117.40.119.252 port 41789 ssh2
May 12 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 117.40.119.252 port 41789 [preauth]
May 12 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for root from 117.40.119.252 port 44909 ssh2
May 12 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Connection closed by 117.40.119.252 port 44909 [preauth]
May 12 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session closed for user root
May 12 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for root from 117.40.119.252 port 46377 ssh2
May 12 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Connection closed by 117.40.119.252 port 46377 [preauth]
May 12 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Failed password for root from 117.40.119.252 port 49625 ssh2
May 12 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Connection closed by 117.40.119.252 port 49625 [preauth]
May 12 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Failed password for root from 117.40.119.252 port 51372 ssh2
May 12 12:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Connection closed by 117.40.119.252 port 51372 [preauth]
May 12 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29597]: Failed password for root from 117.40.119.252 port 52824 ssh2
May 12 12:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29597]: Connection closed by 117.40.119.252 port 52824 [preauth]
May 12 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user root
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user p13x
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29696]: Successful su for rubyman by root
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29696]: + ??? root:rubyman
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378851 of user rubyman.
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29696]: pam_unix(su:session): session closed for user rubyman
May 12 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378851.
May 12 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Failed password for root from 117.40.119.252 port 59784 ssh2
May 12 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Connection closed by 117.40.119.252 port 59784 [preauth]
May 12 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26600]: pam_unix(cron:session): session closed for user root
May 12 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user samftp
May 12 12:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for root from 117.40.119.252 port 33237 ssh2
May 12 12:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Connection closed by 117.40.119.252 port 33237 [preauth]
May 12 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for root from 117.40.119.252 port 37570 ssh2
May 12 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Connection closed by 117.40.119.252 port 37570 [preauth]
May 12 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 12:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: Failed password for root from 117.40.119.252 port 38826 ssh2
May 12 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: Connection closed by 117.40.119.252 port 38826 [preauth]
May 12 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for root from 80.94.95.15 port 7789 ssh2
May 12 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for root from 80.94.95.15 port 7789 ssh2
May 12 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Failed password for root from 117.40.119.252 port 40801 ssh2
May 12 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Connection closed by 117.40.119.252 port 40801 [preauth]
May 12 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for root from 80.94.95.15 port 7789 ssh2
May 12 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Failed password for root from 117.40.119.252 port 42291 ssh2
May 12 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Connection closed by 117.40.119.252 port 42291 [preauth]
May 12 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for root from 80.94.95.15 port 7789 ssh2
May 12 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for root from 80.94.95.15 port 7789 ssh2
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Received disconnect from 80.94.95.15 port 7789:11: Bye [preauth]
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Disconnected from 80.94.95.15 port 7789 [preauth]
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: Failed password for root from 117.40.119.252 port 43964 ssh2
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: Connection closed by 117.40.119.252 port 43964 [preauth]
May 12 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: Failed password for root from 117.40.119.252 port 46011 ssh2
May 12 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: Connection closed by 117.40.119.252 port 46011 [preauth]
May 12 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28610]: pam_unix(cron:session): session closed for user root
May 12 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Failed password for root from 117.40.119.252 port 50030 ssh2
May 12 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Connection closed by 117.40.119.252 port 50030 [preauth]
May 12 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166  user=root
May 12 12:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for root from 117.40.119.252 port 53019 ssh2
May 12 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Connection closed by 117.40.119.252 port 53019 [preauth]
May 12 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Failed password for root from 156.251.24.166 port 50448 ssh2
May 12 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Received disconnect from 156.251.24.166 port 50448:11: Bye Bye [preauth]
May 12 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Disconnected from 156.251.24.166 port 50448 [preauth]
May 12 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Failed password for root from 117.40.119.252 port 55886 ssh2
May 12 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Connection closed by 117.40.119.252 port 55886 [preauth]
May 12 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: Failed password for root from 117.40.119.252 port 58576 ssh2
May 12 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: Connection closed by 117.40.119.252 port 58576 [preauth]
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30064]: pam_unix(cron:session): session closed for user p13x
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: Successful su for rubyman by root
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: + ??? root:rubyman
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378853 of user rubyman.
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: pam_unix(su:session): session closed for user rubyman
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378853.
May 12 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Failed password for root from 117.40.119.252 port 60251 ssh2
May 12 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Connection closed by 117.40.119.252 port 60251 [preauth]
May 12 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session closed for user root
May 12 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30065]: pam_unix(cron:session): session closed for user samftp
May 12 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30275]: Failed password for root from 117.40.119.252 port 33819 ssh2
May 12 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30275]: Connection closed by 117.40.119.252 port 33819 [preauth]
May 12 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30314]: Failed password for root from 117.40.119.252 port 35320 ssh2
May 12 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30314]: Connection closed by 117.40.119.252 port 35320 [preauth]
May 12 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Failed password for root from 117.40.119.252 port 37425 ssh2
May 12 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Connection closed by 117.40.119.252 port 37425 [preauth]
May 12 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Failed password for root from 117.40.119.252 port 41170 ssh2
May 12 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Connection closed by 117.40.119.252 port 41170 [preauth]
May 12 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Failed password for root from 117.40.119.252 port 42842 ssh2
May 12 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Connection closed by 117.40.119.252 port 42842 [preauth]
May 12 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Failed password for root from 117.40.119.252 port 44366 ssh2
May 12 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Connection closed by 117.40.119.252 port 44366 [preauth]
May 12 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user root
May 12 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Failed password for root from 117.40.119.252 port 46542 ssh2
May 12 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Connection closed by 117.40.119.252 port 46542 [preauth]
May 12 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for root from 117.40.119.252 port 48161 ssh2
May 12 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Connection closed by 117.40.119.252 port 48161 [preauth]
May 12 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30431]: Failed password for root from 117.40.119.252 port 49822 ssh2
May 12 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30431]: Connection closed by 117.40.119.252 port 49822 [preauth]
May 12 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Failed password for root from 80.94.95.125 port 42590 ssh2
May 12 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Received disconnect from 80.94.95.125 port 42590:11: Bye [preauth]
May 12 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Disconnected from 80.94.95.125 port 42590 [preauth]
May 12 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30445]: Failed password for root from 117.40.119.252 port 51639 ssh2
May 12 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30445]: Connection closed by 117.40.119.252 port 51639 [preauth]
May 12 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for root from 117.40.119.252 port 53100 ssh2
May 12 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Connection closed by 117.40.119.252 port 53100 [preauth]
May 12 12:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Failed password for root from 117.40.119.252 port 55911 ssh2
May 12 12:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Connection closed by 117.40.119.252 port 55911 [preauth]
May 12 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: Failed password for root from 117.40.119.252 port 58631 ssh2
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: Connection closed by 117.40.119.252 port 58631 [preauth]
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30500]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30495]: pam_unix(cron:session): session closed for user p13x
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30556]: Successful su for rubyman by root
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30556]: + ??? root:rubyman
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378857 of user rubyman.
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30556]: pam_unix(su:session): session closed for user rubyman
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378857.
May 12 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session closed for user root
May 12 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30492]: Failed password for root from 117.40.119.252 port 60639 ssh2
May 12 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30492]: Connection closed by 117.40.119.252 port 60639 [preauth]
May 12 12:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session closed for user samftp
May 12 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Failed password for root from 117.40.119.252 port 36359 ssh2
May 12 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Connection closed by 117.40.119.252 port 36359 [preauth]
May 12 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for root from 117.40.119.252 port 38019 ssh2
May 12 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Connection closed by 117.40.119.252 port 38019 [preauth]
May 12 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Failed password for root from 117.40.119.252 port 39440 ssh2
May 12 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Connection closed by 117.40.119.252 port 39440 [preauth]
May 12 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Failed password for root from 117.40.119.252 port 41612 ssh2
May 12 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Connection closed by 117.40.119.252 port 41612 [preauth]
May 12 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: Failed password for root from 117.40.119.252 port 45108 ssh2
May 12 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: Connection closed by 117.40.119.252 port 45108 [preauth]
May 12 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
May 12 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Failed password for root from 117.40.119.252 port 47664 ssh2
May 12 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Connection closed by 117.40.119.252 port 47664 [preauth]
May 12 12:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Failed password for root from 117.40.119.252 port 49262 ssh2
May 12 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Connection closed by 117.40.119.252 port 49262 [preauth]
May 12 12:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Failed password for root from 117.40.119.252 port 51207 ssh2
May 12 12:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Connection closed by 117.40.119.252 port 51207 [preauth]
May 12 12:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Failed password for root from 117.40.119.252 port 52986 ssh2
May 12 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Connection closed by 117.40.119.252 port 52986 [preauth]
May 12 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Failed password for root from 117.40.119.252 port 54376 ssh2
May 12 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Connection closed by 117.40.119.252 port 54376 [preauth]
May 12 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Failed password for root from 117.40.119.252 port 55887 ssh2
May 12 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Connection closed by 117.40.119.252 port 55887 [preauth]
May 12 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30899]: Failed password for root from 117.40.119.252 port 57190 ssh2
May 12 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30899]: Connection closed by 117.40.119.252 port 57190 [preauth]
May 12 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: Failed password for root from 117.40.119.252 port 58799 ssh2
May 12 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30901]: Connection closed by 117.40.119.252 port 58799 [preauth]
May 12 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30930]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30929]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session closed for user root
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30926]: pam_unix(cron:session): session closed for user p13x
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: Successful su for rubyman by root
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: + ??? root:rubyman
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378865 of user rubyman.
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: pam_unix(su:session): session closed for user rubyman
May 12 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378865.
May 12 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Failed password for root from 117.40.119.252 port 60289 ssh2
May 12 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Connection closed by 117.40.119.252 port 60289 [preauth]
May 12 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30929]: pam_unix(cron:session): session closed for user root
May 12 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28157]: pam_unix(cron:session): session closed for user root
May 12 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30928]: pam_unix(cron:session): session closed for user samftp
May 12 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Failed password for root from 117.40.119.252 port 33808 ssh2
May 12 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Connection closed by 117.40.119.252 port 33808 [preauth]
May 12 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31327]: Failed password for root from 117.40.119.252 port 39241 ssh2
May 12 12:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31327]: Connection closed by 117.40.119.252 port 39241 [preauth]
May 12 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Failed password for root from 117.40.119.252 port 40766 ssh2
May 12 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Connection closed by 117.40.119.252 port 40766 [preauth]
May 12 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: Failed password for root from 117.40.119.252 port 42749 ssh2
May 12 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: Connection closed by 117.40.119.252 port 42749 [preauth]
May 12 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31373]: Failed password for root from 117.40.119.252 port 45038 ssh2
May 12 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31373]: Connection closed by 117.40.119.252 port 45038 [preauth]
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Invalid user rena from 206.172.46.162
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: input_userauth_request: invalid user rena [preauth]
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30067]: pam_unix(cron:session): session closed for user root
May 12 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Failed password for invalid user rena from 206.172.46.162 port 36737 ssh2
May 12 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Received disconnect from 206.172.46.162 port 36737:11: Bye Bye [preauth]
May 12 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Disconnected from 206.172.46.162 port 36737 [preauth]
May 12 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Failed password for root from 117.40.119.252 port 46996 ssh2
May 12 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Connection closed by 117.40.119.252 port 46996 [preauth]
May 12 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for root from 117.40.119.252 port 48572 ssh2
May 12 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Connection closed by 117.40.119.252 port 48572 [preauth]
May 12 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31416]: Failed password for root from 117.40.119.252 port 50348 ssh2
May 12 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31416]: Connection closed by 117.40.119.252 port 50348 [preauth]
May 12 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Failed password for root from 117.40.119.252 port 51541 ssh2
May 12 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Connection closed by 117.40.119.252 port 51541 [preauth]
May 12 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: Failed password for root from 117.40.119.252 port 55747 ssh2
May 12 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: Connection closed by 117.40.119.252 port 55747 [preauth]
May 12 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Failed password for root from 117.40.119.252 port 57158 ssh2
May 12 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Connection closed by 117.40.119.252 port 57158 [preauth]
May 12 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for root from 218.92.0.217 port 60614 ssh2
May 12 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for root from 218.92.0.217 port 60614 ssh2
May 12 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: Failed password for root from 117.40.119.252 port 58626 ssh2
May 12 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: Connection closed by 117.40.119.252 port 58626 [preauth]
May 12 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for root from 218.92.0.217 port 60614 ssh2
May 12 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Received disconnect from 218.92.0.217 port 60614:11:  [preauth]
May 12 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Disconnected from 218.92.0.217 port 60614 [preauth]
May 12 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Failed password for root from 117.40.119.252 port 60169 ssh2
May 12 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Connection closed by 117.40.119.252 port 60169 [preauth]
May 12 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session closed for user p13x
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31565]: Successful su for rubyman by root
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31565]: + ??? root:rubyman
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378867 of user rubyman.
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31565]: pam_unix(su:session): session closed for user rubyman
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378867.
May 12 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Failed password for root from 117.40.119.252 port 33978 ssh2
May 12 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Connection closed by 117.40.119.252 port 33978 [preauth]
May 12 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28609]: pam_unix(cron:session): session closed for user root
May 12 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session closed for user samftp
May 12 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Failed password for root from 117.40.119.252 port 35510 ssh2
May 12 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Connection closed by 117.40.119.252 port 35510 [preauth]
May 12 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: Failed password for root from 117.40.119.252 port 37282 ssh2
May 12 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: Connection closed by 117.40.119.252 port 37282 [preauth]
May 12 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Failed password for root from 117.40.119.252 port 39381 ssh2
May 12 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Connection closed by 117.40.119.252 port 39381 [preauth]
May 12 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Failed password for root from 117.40.119.252 port 43343 ssh2
May 12 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Connection closed by 117.40.119.252 port 43343 [preauth]
May 12 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Failed password for root from 117.40.119.252 port 45082 ssh2
May 12 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Connection closed by 117.40.119.252 port 45082 [preauth]
May 12 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: Failed password for root from 117.40.119.252 port 47969 ssh2
May 12 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: Connection closed by 117.40.119.252 port 47969 [preauth]
May 12 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30500]: pam_unix(cron:session): session closed for user root
May 12 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for root from 117.40.119.252 port 49445 ssh2
May 12 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 117.40.119.252 port 49445 [preauth]
May 12 12:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Failed password for root from 117.40.119.252 port 51006 ssh2
May 12 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Connection closed by 117.40.119.252 port 51006 [preauth]
May 12 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Failed password for root from 117.40.119.252 port 52673 ssh2
May 12 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Connection closed by 117.40.119.252 port 52673 [preauth]
May 12 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: Failed password for root from 117.40.119.252 port 55618 ssh2
May 12 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: Connection closed by 117.40.119.252 port 55618 [preauth]
May 12 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Failed password for root from 117.40.119.252 port 57212 ssh2
May 12 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Connection closed by 117.40.119.252 port 57212 [preauth]
May 12 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Failed password for root from 117.40.119.252 port 58962 ssh2
May 12 12:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Connection closed by 117.40.119.252 port 58962 [preauth]
May 12 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Failed password for root from 117.40.119.252 port 60602 ssh2
May 12 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Connection closed by 117.40.119.252 port 60602 [preauth]
May 12 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32070]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user p13x
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: Successful su for rubyman by root
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: + ??? root:rubyman
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378872 of user rubyman.
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: pam_unix(su:session): session closed for user rubyman
May 12 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378872.
May 12 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Failed password for root from 117.40.119.252 port 34312 ssh2
May 12 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Connection closed by 117.40.119.252 port 34312 [preauth]
May 12 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user root
May 12 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session closed for user samftp
May 12 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Failed password for root from 117.40.119.252 port 36386 ssh2
May 12 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Connection closed by 117.40.119.252 port 36386 [preauth]
May 12 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Failed password for root from 117.40.119.252 port 38453 ssh2
May 12 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Connection closed by 117.40.119.252 port 38453 [preauth]
May 12 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Invalid user admin from 80.94.95.112
May 12 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: input_userauth_request: invalid user admin [preauth]
May 12 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user admin from 80.94.95.112 port 29552 ssh2
May 12 12:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: Failed password for root from 117.40.119.252 port 41441 ssh2
May 12 12:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: Connection closed by 117.40.119.252 port 41441 [preauth]
May 12 12:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user admin from 80.94.95.112 port 29552 ssh2
May 12 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for root from 117.40.119.252 port 44253 ssh2
May 12 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Connection closed by 117.40.119.252 port 44253 [preauth]
May 12 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user admin from 80.94.95.112 port 29552 ssh2
May 12 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user admin from 80.94.95.112 port 29552 ssh2
May 12 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Failed password for root from 117.40.119.252 port 45663 ssh2
May 12 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Connection closed by 117.40.119.252 port 45663 [preauth]
May 12 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user admin from 80.94.95.112 port 29552 ssh2
May 12 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Received disconnect from 80.94.95.112 port 29552:11: Bye [preauth]
May 12 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Disconnected from 80.94.95.112 port 29552 [preauth]
May 12 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 12:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Failed password for root from 117.40.119.252 port 47082 ssh2
May 12 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Connection closed by 117.40.119.252 port 47082 [preauth]
May 12 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Failed password for root from 117.40.119.252 port 49853 ssh2
May 12 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Connection closed by 117.40.119.252 port 49853 [preauth]
May 12 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session closed for user root
May 12 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Failed password for root from 117.40.119.252 port 51403 ssh2
May 12 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Connection closed by 117.40.119.252 port 51403 [preauth]
May 12 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Failed password for root from 117.40.119.252 port 52997 ssh2
May 12 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Connection closed by 117.40.119.252 port 52997 [preauth]
May 12 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: Failed password for root from 117.40.119.252 port 58300 ssh2
May 12 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[303]: Connection closed by 117.40.119.252 port 58300 [preauth]
May 12 12:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Failed password for root from 117.40.119.252 port 59794 ssh2
May 12 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Connection closed by 117.40.119.252 port 59794 [preauth]
May 12 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[356]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user p13x
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[463]: Successful su for rubyman by root
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[463]: + ??? root:rubyman
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378875 of user rubyman.
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[463]: pam_unix(su:session): session closed for user rubyman
May 12 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378875.
May 12 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Failed password for root from 117.40.119.252 port 34502 ssh2
May 12 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Connection closed by 117.40.119.252 port 34502 [preauth]
May 12 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
May 12 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user samftp
May 12 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Failed password for root from 117.40.119.252 port 37466 ssh2
May 12 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Connection closed by 117.40.119.252 port 37466 [preauth]
May 12 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Failed password for root from 117.40.119.252 port 41476 ssh2
May 12 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Connection closed by 117.40.119.252 port 41476 [preauth]
May 12 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[747]: Failed password for root from 117.40.119.252 port 46022 ssh2
May 12 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[747]: Connection closed by 117.40.119.252 port 46022 [preauth]
May 12 12:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Failed password for root from 117.40.119.252 port 50330 ssh2
May 12 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Connection closed by 117.40.119.252 port 50330 [preauth]
May 12 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session closed for user root
May 12 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for root from 117.40.119.252 port 52074 ssh2
May 12 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Connection closed by 117.40.119.252 port 52074 [preauth]
May 12 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Failed password for root from 117.40.119.252 port 53493 ssh2
May 12 12:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Connection closed by 117.40.119.252 port 53493 [preauth]
May 12 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Failed password for root from 117.40.119.252 port 56576 ssh2
May 12 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Connection closed by 117.40.119.252 port 56576 [preauth]
May 12 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Failed password for root from 117.40.119.252 port 33393 ssh2
May 12 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Connection closed by 117.40.119.252 port 33393 [preauth]
May 12 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Failed password for root from 117.40.119.252 port 35184 ssh2
May 12 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Connection closed by 117.40.119.252 port 35184 [preauth]
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[873]: pam_unix(cron:session): session closed for user p13x
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[952]: Successful su for rubyman by root
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[952]: + ??? root:rubyman
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378881 of user rubyman.
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[952]: pam_unix(su:session): session closed for user rubyman
May 12 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378881.
May 12 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30066]: pam_unix(cron:session): session closed for user root
May 12 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Failed password for root from 117.40.119.252 port 36772 ssh2
May 12 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Connection closed by 117.40.119.252 port 36772 [preauth]
May 12 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session closed for user samftp
May 12 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Failed password for root from 117.40.119.252 port 38620 ssh2
May 12 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Connection closed by 117.40.119.252 port 38620 [preauth]
May 12 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Failed password for root from 117.40.119.252 port 39986 ssh2
May 12 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Connection closed by 117.40.119.252 port 39986 [preauth]
May 12 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for root from 117.40.119.252 port 41460 ssh2
May 12 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Connection closed by 117.40.119.252 port 41460 [preauth]
May 12 12:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Failed password for root from 117.40.119.252 port 45509 ssh2
May 12 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Connection closed by 117.40.119.252 port 45509 [preauth]
May 12 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for root from 117.40.119.252 port 48651 ssh2
May 12 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Connection closed by 117.40.119.252 port 48651 [preauth]
May 12 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: Failed password for root from 117.40.119.252 port 50273 ssh2
May 12 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: Connection closed by 117.40.119.252 port 50273 [preauth]
May 12 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32070]: pam_unix(cron:session): session closed for user root
May 12 12:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Failed password for root from 117.40.119.252 port 51938 ssh2
May 12 12:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Connection closed by 117.40.119.252 port 51938 [preauth]
May 12 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Failed password for root from 117.40.119.252 port 53573 ssh2
May 12 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Connection closed by 117.40.119.252 port 53573 [preauth]
May 12 12:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Failed password for root from 117.40.119.252 port 55672 ssh2
May 12 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Connection closed by 117.40.119.252 port 55672 [preauth]
May 12 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Failed password for root from 117.40.119.252 port 57889 ssh2
May 12 12:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Connection closed by 117.40.119.252 port 57889 [preauth]
May 12 12:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: Failed password for root from 117.40.119.252 port 60105 ssh2
May 12 12:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: Connection closed by 117.40.119.252 port 60105 [preauth]
May 12 12:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Invalid user service from 156.251.24.166
May 12 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: input_userauth_request: invalid user service [preauth]
May 12 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Failed password for invalid user service from 156.251.24.166 port 60798 ssh2
May 12 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Received disconnect from 156.251.24.166 port 60798:11: Bye Bye [preauth]
May 12 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Disconnected from 156.251.24.166 port 60798 [preauth]
May 12 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Failed password for root from 117.40.119.252 port 34970 ssh2
May 12 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Connection closed by 117.40.119.252 port 34970 [preauth]
May 12 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Failed password for root from 117.40.119.252 port 36507 ssh2
May 12 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Connection closed by 117.40.119.252 port 36507 [preauth]
May 12 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1397]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session closed for user root
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session closed for user p13x
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1492]: Successful su for rubyman by root
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1492]: + ??? root:rubyman
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378886 of user rubyman.
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1492]: pam_unix(su:session): session closed for user rubyman
May 12 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378886.
May 12 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for root from 117.40.119.252 port 38334 ssh2
May 12 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Connection closed by 117.40.119.252 port 38334 [preauth]
May 12 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1397]: pam_unix(cron:session): session closed for user root
May 12 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30499]: pam_unix(cron:session): session closed for user root
May 12 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 218.92.0.179 port 27169 ssh2
May 12 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session closed for user samftp
May 12 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 117.40.119.252 port 39638 ssh2
May 12 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Connection closed by 117.40.119.252 port 39638 [preauth]
May 12 12:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 218.92.0.179 port 27169 ssh2
May 12 12:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 218.92.0.179 port 27169 ssh2
May 12 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Received disconnect from 218.92.0.179 port 27169:11:  [preauth]
May 12 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Disconnected from 218.92.0.179 port 27169 [preauth]
May 12 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Failed password for root from 117.40.119.252 port 41825 ssh2
May 12 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Connection closed by 117.40.119.252 port 41825 [preauth]
May 12 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for root from 117.40.119.252 port 46488 ssh2
May 12 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Connection closed by 117.40.119.252 port 46488 [preauth]
May 12 12:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for root from 117.40.119.252 port 48107 ssh2
May 12 12:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Connection closed by 117.40.119.252 port 48107 [preauth]
May 12 12:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for root from 117.40.119.252 port 50296 ssh2
May 12 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Connection closed by 117.40.119.252 port 50296 [preauth]
May 12 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Failed password for root from 206.172.46.162 port 60611 ssh2
May 12 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Received disconnect from 206.172.46.162 port 60611:11: Bye Bye [preauth]
May 12 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Disconnected from 206.172.46.162 port 60611 [preauth]
May 12 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Failed password for root from 117.40.119.252 port 51931 ssh2
May 12 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Connection closed by 117.40.119.252 port 51931 [preauth]
May 12 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[357]: pam_unix(cron:session): session closed for user root
May 12 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1844]: Failed password for root from 117.40.119.252 port 53424 ssh2
May 12 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1844]: Connection closed by 117.40.119.252 port 53424 [preauth]
May 12 12:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Failed password for root from 117.40.119.252 port 55080 ssh2
May 12 12:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Connection closed by 117.40.119.252 port 55080 [preauth]
May 12 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Failed password for root from 117.40.119.252 port 56782 ssh2
May 12 12:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Connection closed by 117.40.119.252 port 56782 [preauth]
May 12 12:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Failed password for root from 117.40.119.252 port 58349 ssh2
May 12 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Connection closed by 117.40.119.252 port 58349 [preauth]
May 12 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Failed password for root from 117.40.119.252 port 60012 ssh2
May 12 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Connection closed by 117.40.119.252 port 60012 [preauth]
May 12 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: Failed password for root from 117.40.119.252 port 35914 ssh2
May 12 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: Connection closed by 117.40.119.252 port 35914 [preauth]
May 12 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2021]: Failed password for root from 117.40.119.252 port 37639 ssh2
May 12 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2021]: Connection closed by 117.40.119.252 port 37639 [preauth]
May 12 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2029]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2030]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session closed for user p13x
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: Successful su for rubyman by root
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: + ??? root:rubyman
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378891 of user rubyman.
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session closed for user rubyman
May 12 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378891.
May 12 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Failed password for root from 117.40.119.252 port 39223 ssh2
May 12 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Connection closed by 117.40.119.252 port 39223 [preauth]
May 12 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30930]: pam_unix(cron:session): session closed for user root
May 12 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2028]: pam_unix(cron:session): session closed for user samftp
May 12 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Failed password for root from 117.40.119.252 port 42844 ssh2
May 12 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Connection closed by 117.40.119.252 port 42844 [preauth]
May 12 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Failed password for root from 117.40.119.252 port 45713 ssh2
May 12 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Connection closed by 117.40.119.252 port 45713 [preauth]
May 12 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Failed password for root from 117.40.119.252 port 47649 ssh2
May 12 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Connection closed by 117.40.119.252 port 47649 [preauth]
May 12 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Failed password for root from 117.40.119.252 port 49195 ssh2
May 12 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Connection closed by 117.40.119.252 port 49195 [preauth]
May 12 12:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Failed password for root from 117.40.119.252 port 53160 ssh2
May 12 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Connection closed by 117.40.119.252 port 53160 [preauth]
May 12 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session closed for user root
May 12 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Failed password for root from 117.40.119.252 port 54623 ssh2
May 12 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Connection closed by 117.40.119.252 port 54623 [preauth]
May 12 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for root from 117.40.119.252 port 56751 ssh2
May 12 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Connection closed by 117.40.119.252 port 56751 [preauth]
May 12 12:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Failed password for root from 117.40.119.252 port 58790 ssh2
May 12 12:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Connection closed by 117.40.119.252 port 58790 [preauth]
May 12 12:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Failed password for root from 117.40.119.252 port 60944 ssh2
May 12 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Connection closed by 117.40.119.252 port 60944 [preauth]
May 12 12:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Failed password for root from 117.40.119.252 port 34858 ssh2
May 12 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Connection closed by 117.40.119.252 port 34858 [preauth]
May 12 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Failed password for root from 117.40.119.252 port 36862 ssh2
May 12 12:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Connection closed by 117.40.119.252 port 36862 [preauth]
May 12 12:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for root from 117.40.119.252 port 38292 ssh2
May 12 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Connection closed by 117.40.119.252 port 38292 [preauth]
May 12 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: Failed password for root from 117.40.119.252 port 39668 ssh2
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: Connection closed by 117.40.119.252 port 39668 [preauth]
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2498]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2493]: pam_unix(cron:session): session closed for user p13x
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2560]: Successful su for rubyman by root
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2560]: + ??? root:rubyman
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378894 of user rubyman.
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2560]: pam_unix(su:session): session closed for user rubyman
May 12 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378894.
May 12 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user root
May 12 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Invalid user  from 209.38.21.233
May 12 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: input_userauth_request: invalid user  [preauth]
May 12 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Failed password for root from 117.40.119.252 port 41250 ssh2
May 12 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Connection closed by 117.40.119.252 port 41250 [preauth]
May 12 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2496]: pam_unix(cron:session): session closed for user samftp
May 12 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Failed password for root from 117.40.119.252 port 43496 ssh2
May 12 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Connection closed by 117.40.119.252 port 43496 [preauth]
May 12 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: Failed password for root from 117.40.119.252 port 45313 ssh2
May 12 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: Connection closed by 117.40.119.252 port 45313 [preauth]
May 12 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Connection closed by 209.38.21.233 port 41496 [preauth]
May 12 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Failed password for root from 117.40.119.252 port 46986 ssh2
May 12 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Connection closed by 117.40.119.252 port 46986 [preauth]
May 12 12:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Invalid user ftpadmin from 185.93.89.118
May 12 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: input_userauth_request: invalid user ftpadmin [preauth]
May 12 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Failed password for root from 117.40.119.252 port 53462 ssh2
May 12 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Failed password for invalid user ftpadmin from 185.93.89.118 port 61152 ssh2
May 12 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Connection closed by 117.40.119.252 port 53462 [preauth]
May 12 12:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Connection closed by 185.93.89.118 port 61152 [preauth]
May 12 12:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Failed password for root from 117.40.119.252 port 55311 ssh2
May 12 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Connection closed by 117.40.119.252 port 55311 [preauth]
May 12 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session closed for user root
May 12 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for root from 117.40.119.252 port 56935 ssh2
May 12 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Connection closed by 117.40.119.252 port 56935 [preauth]
May 12 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Failed password for root from 117.40.119.252 port 58794 ssh2
May 12 12:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Connection closed by 117.40.119.252 port 58794 [preauth]
May 12 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Invalid user odoo17 from 209.38.21.233
May 12 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: input_userauth_request: invalid user odoo17 [preauth]
May 12 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Failed password for invalid user odoo17 from 209.38.21.233 port 40066 ssh2
May 12 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Connection closed by 209.38.21.233 port 40066 [preauth]
May 12 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: Failed password for root from 117.40.119.252 port 60001 ssh2
May 12 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: Connection closed by 117.40.119.252 port 60001 [preauth]
May 12 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Invalid user ec2-user from 209.38.21.233
May 12 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: input_userauth_request: invalid user ec2-user [preauth]
May 12 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Invalid user ftpuser1 from 185.93.89.118
May 12 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: input_userauth_request: invalid user ftpuser1 [preauth]
May 12 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Failed password for root from 117.40.119.252 port 33594 ssh2
May 12 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Failed password for invalid user ec2-user from 209.38.21.233 port 40068 ssh2
May 12 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Connection closed by 117.40.119.252 port 33594 [preauth]
May 12 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Connection closed by 209.38.21.233 port 40068 [preauth]
May 12 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Failed password for invalid user ftpuser1 from 185.93.89.118 port 10606 ssh2
May 12 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Failed password for root from 117.40.119.252 port 35069 ssh2
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Connection closed by 117.40.119.252 port 35069 [preauth]
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Invalid user test from 209.38.21.233
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: input_userauth_request: invalid user test [preauth]
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Connection closed by 185.93.89.118 port 10606 [preauth]
May 12 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for invalid user test from 209.38.21.233 port 45386 ssh2
May 12 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 209.38.21.233 port 45386 [preauth]
May 12 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for root from 117.40.119.252 port 36737 ssh2
May 12 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Connection closed by 117.40.119.252 port 36737 [preauth]
May 12 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user esuser from 209.38.21.233
May 12 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user esuser [preauth]
May 12 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user esuser from 209.38.21.233 port 45406 ssh2
May 12 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Connection closed by 209.38.21.233 port 45406 [preauth]
May 12 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Failed password for root from 117.40.119.252 port 38365 ssh2
May 12 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Connection closed by 117.40.119.252 port 38365 [preauth]
May 12 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: Invalid user tomcat from 209.38.21.233
May 12 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: input_userauth_request: invalid user tomcat [preauth]
May 12 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Failed password for root from 117.40.119.252 port 40524 ssh2
May 12 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Connection closed by 117.40.119.252 port 40524 [preauth]
May 12 12:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: Failed password for invalid user tomcat from 209.38.21.233 port 40102 ssh2
May 12 12:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2970]: Connection closed by 209.38.21.233 port 40102 [preauth]
May 12 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user p13x
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Invalid user testuser from 209.38.21.233
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: input_userauth_request: invalid user testuser [preauth]
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: Successful su for rubyman by root
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: + ??? root:rubyman
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378899 of user rubyman.
May 12 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: pam_unix(su:session): session closed for user rubyman
May 12 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378899.
May 12 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Invalid user ftptest from 185.93.89.118
May 12 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: input_userauth_request: invalid user ftptest [preauth]
May 12 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Failed password for root from 117.40.119.252 port 41798 ssh2
May 12 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Connection closed by 117.40.119.252 port 41798 [preauth]
May 12 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for invalid user testuser from 209.38.21.233 port 40118 ssh2
May 12 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 209.38.21.233 port 40118 [preauth]
May 12 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Failed password for invalid user ftptest from 185.93.89.118 port 41030 ssh2
May 12 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session closed for user root
May 12 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Connection closed by 185.93.89.118 port 41030 [preauth]
May 12 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Invalid user admin from 209.38.21.233
May 12 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: input_userauth_request: invalid user admin [preauth]
May 12 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user samftp
May 12 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Failed password for root from 117.40.119.252 port 44582 ssh2
May 12 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Connection closed by 117.40.119.252 port 44582 [preauth]
May 12 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Failed password for invalid user admin from 209.38.21.233 port 44606 ssh2
May 12 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Connection closed by 209.38.21.233 port 44606 [preauth]
May 12 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Failed password for root from 117.40.119.252 port 46502 ssh2
May 12 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Connection closed by 117.40.119.252 port 46502 [preauth]
May 12 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Invalid user username from 209.38.21.233
May 12 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: input_userauth_request: invalid user username [preauth]
May 12 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Failed password for invalid user username from 209.38.21.233 port 44616 ssh2
May 12 12:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Connection closed by 209.38.21.233 port 44616 [preauth]
May 12 12:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Invalid user openvpn from 209.38.21.233
May 12 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: input_userauth_request: invalid user openvpn [preauth]
May 12 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Failed password for invalid user openvpn from 209.38.21.233 port 38146 ssh2
May 12 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Connection closed by 209.38.21.233 port 38146 [preauth]
May 12 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Failed password for root from 117.40.119.252 port 50244 ssh2
May 12 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Connection closed by 117.40.119.252 port 50244 [preauth]
May 12 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: Invalid user ftptest from 185.93.89.118
May 12 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: input_userauth_request: invalid user ftptest [preauth]
May 12 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: Failed password for invalid user ftptest from 185.93.89.118 port 23380 ssh2
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Invalid user uftp from 209.38.21.233
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: input_userauth_request: invalid user uftp [preauth]
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Failed password for root from 117.40.119.252 port 51767 ssh2
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Connection closed by 117.40.119.252 port 51767 [preauth]
May 12 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3228]: Connection closed by 185.93.89.118 port 23380 [preauth]
May 12 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Failed password for invalid user uftp from 209.38.21.233 port 38158 ssh2
May 12 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Connection closed by 209.38.21.233 port 38158 [preauth]
May 12 12:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Failed password for root from 117.40.119.252 port 53193 ssh2
May 12 12:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Connection closed by 117.40.119.252 port 53193 [preauth]
May 12 12:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: Invalid user wang from 209.38.21.233
May 12 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: input_userauth_request: invalid user wang [preauth]
May 12 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: Failed password for invalid user wang from 209.38.21.233 port 43776 ssh2
May 12 12:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3313]: Failed password for root from 117.40.119.252 port 54800 ssh2
May 12 12:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3316]: Connection closed by 209.38.21.233 port 43776 [preauth]
May 12 12:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3313]: Connection closed by 117.40.119.252 port 54800 [preauth]
May 12 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: Failed password for root from 117.40.119.252 port 56193 ssh2
May 12 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: Connection closed by 117.40.119.252 port 56193 [preauth]
May 12 12:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Failed password for root from 209.38.21.233 port 43782 ssh2
May 12 12:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Connection closed by 209.38.21.233 port 43782 [preauth]
May 12 12:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Invalid user ftptest1 from 185.93.89.118
May 12 12:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: input_userauth_request: invalid user ftptest1 [preauth]
May 12 12:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2030]: pam_unix(cron:session): session closed for user root
May 12 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: Invalid user jfedu1 from 209.38.21.233
May 12 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: input_userauth_request: invalid user jfedu1 [preauth]
May 12 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Failed password for invalid user ftptest1 from 185.93.89.118 port 22624 ssh2
May 12 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: Failed password for invalid user jfedu1 from 209.38.21.233 port 43790 ssh2
May 12 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3384]: Connection closed by 209.38.21.233 port 43790 [preauth]
May 12 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Connection closed by 185.93.89.118 port 22624 [preauth]
May 12 12:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: User mysql from 209.38.21.233 not allowed because not listed in AllowUsers
May 12 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: input_userauth_request: invalid user mysql [preauth]
May 12 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3411]: Failed password for root from 117.40.119.252 port 60092 ssh2
May 12 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3411]: Connection closed by 117.40.119.252 port 60092 [preauth]
May 12 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=mysql
May 12 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Failed password for invalid user mysql from 209.38.21.233 port 50242 ssh2
May 12 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Connection closed by 209.38.21.233 port 50242 [preauth]
May 12 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Invalid user lsfadmin from 209.38.21.233
May 12 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: input_userauth_request: invalid user lsfadmin [preauth]
May 12 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Failed password for invalid user lsfadmin from 209.38.21.233 port 50252 ssh2
May 12 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Connection closed by 209.38.21.233 port 50252 [preauth]
May 12 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for root from 117.40.119.252 port 36001 ssh2
May 12 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Connection closed by 117.40.119.252 port 36001 [preauth]
May 12 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Failed password for root from 117.40.119.252 port 37244 ssh2
May 12 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Failed password for root from 209.38.21.233 port 40612 ssh2
May 12 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Connection closed by 117.40.119.252 port 37244 [preauth]
May 12 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Connection closed by 209.38.21.233 port 40612 [preauth]
May 12 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Invalid user runner from 209.38.21.233
May 12 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: input_userauth_request: invalid user runner [preauth]
May 12 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Failed password for invalid user runner from 209.38.21.233 port 40614 ssh2
May 12 12:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Connection closed by 209.38.21.233 port 40614 [preauth]
May 12 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Invalid user stream from 209.38.21.233
May 12 12:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: input_userauth_request: invalid user stream [preauth]
May 12 12:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Failed password for root from 117.40.119.252 port 41455 ssh2
May 12 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Connection closed by 117.40.119.252 port 41455 [preauth]
May 12 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Failed password for invalid user stream from 209.38.21.233 port 59714 ssh2
May 12 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Connection closed by 209.38.21.233 port 59714 [preauth]
May 12 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3522]: Failed password for root from 117.40.119.252 port 42949 ssh2
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3522]: Connection closed by 117.40.119.252 port 42949 [preauth]
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3530]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3529]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3527]: pam_unix(cron:session): session closed for user p13x
May 12 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: Successful su for rubyman by root
May 12 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: + ??? root:rubyman
May 12 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378901 of user rubyman.
May 12 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: pam_unix(su:session): session closed for user rubyman
May 12 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378901.
May 12 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3524]: Failed password for root from 209.38.21.233 port 59726 ssh2
May 12 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3524]: Connection closed by 209.38.21.233 port 59726 [preauth]
May 12 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[356]: pam_unix(cron:session): session closed for user root
May 12 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: Invalid user sonar from 209.38.21.233
May 12 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: input_userauth_request: invalid user sonar [preauth]
May 12 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3528]: pam_unix(cron:session): session closed for user samftp
May 12 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Failed password for root from 117.40.119.252 port 44644 ssh2
May 12 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Connection closed by 117.40.119.252 port 44644 [preauth]
May 12 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: Failed password for invalid user sonar from 209.38.21.233 port 57000 ssh2
May 12 12:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: Connection closed by 209.38.21.233 port 57000 [preauth]
May 12 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Invalid user uftp from 209.38.21.233
May 12 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: input_userauth_request: invalid user uftp [preauth]
May 12 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Failed password for invalid user uftp from 209.38.21.233 port 57006 ssh2
May 12 12:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Connection closed by 209.38.21.233 port 57006 [preauth]
May 12 12:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: Failed password for root from 117.40.119.252 port 47878 ssh2
May 12 12:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: Connection closed by 117.40.119.252 port 47878 [preauth]
May 12 12:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Failed password for root from 209.38.21.233 port 44056 ssh2
May 12 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Connection closed by 209.38.21.233 port 44056 [preauth]
May 12 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Failed password for root from 117.40.119.252 port 50767 ssh2
May 12 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Connection closed by 117.40.119.252 port 50767 [preauth]
May 12 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Invalid user jumpserver from 209.38.21.233
May 12 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: input_userauth_request: invalid user jumpserver [preauth]
May 12 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Failed password for invalid user jumpserver from 209.38.21.233 port 44068 ssh2
May 12 12:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Connection closed by 209.38.21.233 port 44068 [preauth]
May 12 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Failed password for root from 117.40.119.252 port 52113 ssh2
May 12 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Connection closed by 117.40.119.252 port 52113 [preauth]
May 12 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: Invalid user deployer from 209.38.21.233
May 12 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: input_userauth_request: invalid user deployer [preauth]
May 12 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for root from 117.40.119.252 port 55087 ssh2
May 12 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: Failed password for invalid user deployer from 209.38.21.233 port 44094 ssh2
May 12 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Connection closed by 117.40.119.252 port 55087 [preauth]
May 12 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3861]: Connection closed by 209.38.21.233 port 44094 [preauth]
May 12 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Failed password for root from 117.40.119.252 port 56574 ssh2
May 12 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Connection closed by 117.40.119.252 port 56574 [preauth]
May 12 12:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for root from 209.38.21.233 port 39884 ssh2
May 12 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Connection closed by 209.38.21.233 port 39884 [preauth]
May 12 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Invalid user ansible from 209.38.21.233
May 12 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: input_userauth_request: invalid user ansible [preauth]
May 12 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Failed password for root from 117.40.119.252 port 57774 ssh2
May 12 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Connection closed by 117.40.119.252 port 57774 [preauth]
May 12 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2498]: pam_unix(cron:session): session closed for user root
May 12 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Failed password for invalid user ansible from 209.38.21.233 port 39892 ssh2
May 12 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Connection closed by 209.38.21.233 port 39892 [preauth]
May 12 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Failed password for root from 117.40.119.252 port 59822 ssh2
May 12 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Connection closed by 117.40.119.252 port 59822 [preauth]
May 12 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Invalid user dev from 209.38.21.233
May 12 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: input_userauth_request: invalid user dev [preauth]
May 12 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Failed password for invalid user dev from 209.38.21.233 port 35342 ssh2
May 12 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Connection closed by 209.38.21.233 port 35342 [preauth]
May 12 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3948]: Failed password for root from 117.40.119.252 port 33763 ssh2
May 12 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3948]: Connection closed by 117.40.119.252 port 33763 [preauth]
May 12 12:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: Invalid user gpadmin from 209.38.21.233
May 12 12:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: input_userauth_request: invalid user gpadmin [preauth]
May 12 12:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: Failed password for invalid user gpadmin from 209.38.21.233 port 35366 ssh2
May 12 12:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: Connection closed by 209.38.21.233 port 35366 [preauth]
May 12 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: Invalid user sadmin from 209.38.21.233
May 12 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: input_userauth_request: invalid user sadmin [preauth]
May 12 12:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Failed password for root from 117.40.119.252 port 35196 ssh2
May 12 12:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Connection closed by 117.40.119.252 port 35196 [preauth]
May 12 12:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: Failed password for invalid user sadmin from 209.38.21.233 port 55874 ssh2
May 12 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: Connection closed by 209.38.21.233 port 55874 [preauth]
May 12 12:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Failed password for root from 117.40.119.252 port 38627 ssh2
May 12 12:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Connection closed by 117.40.119.252 port 38627 [preauth]
May 12 12:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Failed password for root from 209.38.21.233 port 55882 ssh2
May 12 12:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Connection closed by 209.38.21.233 port 55882 [preauth]
May 12 12:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Invalid user admin from 209.38.21.233
May 12 12:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: input_userauth_request: invalid user admin [preauth]
May 12 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Failed password for invalid user admin from 209.38.21.233 port 36930 ssh2
May 12 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Connection closed by 209.38.21.233 port 36930 [preauth]
May 12 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Failed password for root from 117.40.119.252 port 42584 ssh2
May 12 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Connection closed by 117.40.119.252 port 42584 [preauth]
May 12 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Invalid user admin from 209.38.21.233
May 12 12:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: input_userauth_request: invalid user admin [preauth]
May 12 12:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Failed password for root from 117.40.119.252 port 44336 ssh2
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4058]: pam_unix(cron:session): session closed for user root
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4053]: pam_unix(cron:session): session closed for user p13x
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Connection closed by 117.40.119.252 port 44336 [preauth]
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for invalid user admin from 209.38.21.233 port 36932 ssh2
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: Successful su for rubyman by root
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: + ??? root:rubyman
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378905 of user rubyman.
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: pam_unix(su:session): session closed for user rubyman
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378905.
May 12 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Connection closed by 209.38.21.233 port 36932 [preauth]
May 12 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Invalid user gitlab-runner from 209.38.21.233
May 12 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4055]: pam_unix(cron:session): session closed for user root
May 12 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Failed password for root from 117.40.119.252 port 46121 ssh2
May 12 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session closed for user root
May 12 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Connection closed by 117.40.119.252 port 46121 [preauth]
May 12 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Failed password for invalid user gitlab-runner from 209.38.21.233 port 36940 ssh2
May 12 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Connection closed by 209.38.21.233 port 36940 [preauth]
May 12 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4054]: pam_unix(cron:session): session closed for user samftp
May 12 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Invalid user ranger from 209.38.21.233
May 12 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: input_userauth_request: invalid user ranger [preauth]
May 12 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Failed password for invalid user ranger from 209.38.21.233 port 37636 ssh2
May 12 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Connection closed by 209.38.21.233 port 37636 [preauth]
May 12 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Failed password for root from 117.40.119.252 port 47648 ssh2
May 12 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Connection closed by 117.40.119.252 port 47648 [preauth]
May 12 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: Invalid user data from 209.38.21.233
May 12 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: input_userauth_request: invalid user data [preauth]
May 12 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for root from 117.40.119.252 port 50449 ssh2
May 12 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Connection closed by 117.40.119.252 port 50449 [preauth]
May 12 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: Failed password for invalid user data from 209.38.21.233 port 37638 ssh2
May 12 12:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: Connection closed by 209.38.21.233 port 37638 [preauth]
May 12 12:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Failed password for root from 117.40.119.252 port 52242 ssh2
May 12 12:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Connection closed by 117.40.119.252 port 52242 [preauth]
May 12 12:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Failed password for root from 209.38.21.233 port 49006 ssh2
May 12 12:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Connection closed by 209.38.21.233 port 49006 [preauth]
May 12 12:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Invalid user centos from 209.38.21.233
May 12 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: input_userauth_request: invalid user centos [preauth]
May 12 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Invalid user suraj from 206.172.46.162
May 12 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: input_userauth_request: invalid user suraj [preauth]
May 12 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: Failed password for root from 117.40.119.252 port 53930 ssh2
May 12 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: Connection closed by 117.40.119.252 port 53930 [preauth]
May 12 12:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Failed password for invalid user centos from 209.38.21.233 port 49008 ssh2
May 12 12:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Connection closed by 209.38.21.233 port 49008 [preauth]
May 12 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Failed password for invalid user suraj from 206.172.46.162 port 56545 ssh2
May 12 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Received disconnect from 206.172.46.162 port 56545:11: Bye Bye [preauth]
May 12 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Disconnected from 206.172.46.162 port 56545 [preauth]
May 12 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: Invalid user ec2-user from 209.38.21.233
May 12 12:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: input_userauth_request: invalid user ec2-user [preauth]
May 12 12:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: Failed password for invalid user ec2-user from 209.38.21.233 port 47976 ssh2
May 12 12:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4583]: Connection closed by 209.38.21.233 port 47976 [preauth]
May 12 12:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Failed password for root from 117.40.119.252 port 57039 ssh2
May 12 12:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Connection closed by 117.40.119.252 port 57039 [preauth]
May 12 12:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: Invalid user esroot from 209.38.21.233
May 12 12:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: input_userauth_request: invalid user esroot [preauth]
May 12 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Failed password for root from 117.40.119.252 port 59981 ssh2
May 12 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Connection closed by 117.40.119.252 port 59981 [preauth]
May 12 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: Failed password for invalid user esroot from 209.38.21.233 port 47982 ssh2
May 12 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: Connection closed by 209.38.21.233 port 47982 [preauth]
May 12 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user root
May 12 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Invalid user nginx from 209.38.21.233
May 12 12:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: input_userauth_request: invalid user nginx [preauth]
May 12 12:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Failed password for root from 117.40.119.252 port 33317 ssh2
May 12 12:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Connection closed by 117.40.119.252 port 33317 [preauth]
May 12 12:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Failed password for invalid user nginx from 209.38.21.233 port 53314 ssh2
May 12 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Connection closed by 209.38.21.233 port 53314 [preauth]
May 12 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Failed password for root from 117.40.119.252 port 34974 ssh2
May 12 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Connection closed by 117.40.119.252 port 34974 [preauth]
May 12 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Failed password for root from 209.38.21.233 port 53328 ssh2
May 12 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Connection closed by 209.38.21.233 port 53328 [preauth]
May 12 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for root from 117.40.119.252 port 36692 ssh2
May 12 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 117.40.119.252 port 36692 [preauth]
May 12 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Invalid user testuser from 209.38.21.233
May 12 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: input_userauth_request: invalid user testuser [preauth]
May 12 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Failed password for root from 117.40.119.252 port 38236 ssh2
May 12 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Connection closed by 117.40.119.252 port 38236 [preauth]
May 12 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Failed password for invalid user testuser from 209.38.21.233 port 35868 ssh2
May 12 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Connection closed by 209.38.21.233 port 35868 [preauth]
May 12 12:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Invalid user guest from 209.38.21.233
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: input_userauth_request: invalid user guest [preauth]
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for root from 117.40.119.252 port 39643 ssh2
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Connection closed by 117.40.119.252 port 39643 [preauth]
May 12 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Failed password for invalid user guest from 209.38.21.233 port 35884 ssh2
May 12 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Connection closed by 209.38.21.233 port 35884 [preauth]
May 12 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Failed password for root from 117.40.119.252 port 41381 ssh2
May 12 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Connection closed by 117.40.119.252 port 41381 [preauth]
May 12 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Invalid user yealink from 209.38.21.233
May 12 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: input_userauth_request: invalid user yealink [preauth]
May 12 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Failed password for invalid user yealink from 209.38.21.233 port 35910 ssh2
May 12 12:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for root from 117.40.119.252 port 42727 ssh2
May 12 12:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Connection closed by 117.40.119.252 port 42727 [preauth]
May 12 12:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Connection closed by 209.38.21.233 port 35910 [preauth]
May 12 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Invalid user solr from 209.38.21.233
May 12 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: input_userauth_request: invalid user solr [preauth]
May 12 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Failed password for invalid user solr from 209.38.21.233 port 35068 ssh2
May 12 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Failed password for root from 117.40.119.252 port 44391 ssh2
May 12 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Connection closed by 209.38.21.233 port 35068 [preauth]
May 12 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Connection closed by 117.40.119.252 port 44391 [preauth]
May 12 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4720]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4718]: pam_unix(cron:session): session closed for user p13x
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4796]: Successful su for rubyman by root
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4796]: + ??? root:rubyman
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378912 of user rubyman.
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4796]: pam_unix(su:session): session closed for user rubyman
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378912.
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: Invalid user developer from 209.38.21.233
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: input_userauth_request: invalid user developer [preauth]
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Failed password for root from 117.40.119.252 port 46434 ssh2
May 12 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Connection closed by 117.40.119.252 port 46434 [preauth]
May 12 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: Failed password for invalid user developer from 209.38.21.233 port 35090 ssh2
May 12 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: Connection closed by 209.38.21.233 port 35090 [preauth]
May 12 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session closed for user root
May 12 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4719]: pam_unix(cron:session): session closed for user samftp
May 12 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Invalid user dolphinscheduler from 209.38.21.233
May 12 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Failed password for root from 117.40.119.252 port 48187 ssh2
May 12 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Connection closed by 117.40.119.252 port 48187 [preauth]
May 12 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Failed password for invalid user dolphinscheduler from 209.38.21.233 port 42654 ssh2
May 12 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Connection closed by 209.38.21.233 port 42654 [preauth]
May 12 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for root from 117.40.119.252 port 49736 ssh2
May 12 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 117.40.119.252 port 49736 [preauth]
May 12 12:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: Failed password for root from 209.38.21.233 port 42662 ssh2
May 12 12:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: Connection closed by 209.38.21.233 port 42662 [preauth]
May 12 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Invalid user opc from 209.38.21.233
May 12 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: input_userauth_request: invalid user opc [preauth]
May 12 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Failed password for root from 117.40.119.252 port 51269 ssh2
May 12 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Connection closed by 117.40.119.252 port 51269 [preauth]
May 12 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Failed password for invalid user opc from 209.38.21.233 port 59154 ssh2
May 12 12:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Connection closed by 209.38.21.233 port 59154 [preauth]
May 12 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Failed password for root from 117.40.119.252 port 54038 ssh2
May 12 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Connection closed by 117.40.119.252 port 54038 [preauth]
May 12 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Failed password for root from 117.40.119.252 port 55502 ssh2
May 12 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Failed password for root from 209.38.21.233 port 59176 ssh2
May 12 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Connection closed by 117.40.119.252 port 55502 [preauth]
May 12 12:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Connection closed by 209.38.21.233 port 59176 [preauth]
May 12 12:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: Invalid user ubuntu from 209.38.21.233
May 12 12:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: input_userauth_request: invalid user ubuntu [preauth]
May 12 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Failed password for root from 117.40.119.252 port 57004 ssh2
May 12 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Connection closed by 117.40.119.252 port 57004 [preauth]
May 12 12:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: Failed password for invalid user ubuntu from 209.38.21.233 port 59690 ssh2
May 12 12:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: Connection closed by 209.38.21.233 port 59690 [preauth]
May 12 12:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: Invalid user tom from 209.38.21.233
May 12 12:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: input_userauth_request: invalid user tom [preauth]
May 12 12:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Failed password for root from 117.40.119.252 port 58516 ssh2
May 12 12:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Connection closed by 117.40.119.252 port 58516 [preauth]
May 12 12:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: Failed password for invalid user tom from 209.38.21.233 port 59692 ssh2
May 12 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: Connection closed by 209.38.21.233 port 59692 [preauth]
May 12 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: Failed password for root from 117.40.119.252 port 60629 ssh2
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Invalid user mongo from 209.38.21.233
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: input_userauth_request: invalid user mongo [preauth]
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3530]: pam_unix(cron:session): session closed for user root
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: Connection closed by 117.40.119.252 port 60629 [preauth]
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Failed password for invalid user mongo from 209.38.21.233 port 59706 ssh2
May 12 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Connection closed by 209.38.21.233 port 59706 [preauth]
May 12 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: Invalid user nexus from 209.38.21.233
May 12 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: input_userauth_request: invalid user nexus [preauth]
May 12 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Failed password for root from 117.40.119.252 port 34016 ssh2
May 12 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Connection closed by 117.40.119.252 port 34016 [preauth]
May 12 12:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: Failed password for invalid user nexus from 209.38.21.233 port 45944 ssh2
May 12 12:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: Connection closed by 209.38.21.233 port 45944 [preauth]
May 12 12:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Failed password for root from 117.40.119.252 port 36296 ssh2
May 12 12:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Connection closed by 117.40.119.252 port 36296 [preauth]
May 12 12:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Failed password for root from 209.38.21.233 port 45958 ssh2
May 12 12:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Connection closed by 209.38.21.233 port 45958 [preauth]
May 12 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: Failed password for root from 117.40.119.252 port 39305 ssh2
May 12 12:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: Connection closed by 117.40.119.252 port 39305 [preauth]
May 12 12:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for root from 209.38.21.233 port 34810 ssh2
May 12 12:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Connection closed by 209.38.21.233 port 34810 [preauth]
May 12 12:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: Invalid user dmdba from 209.38.21.233
May 12 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: input_userauth_request: invalid user dmdba [preauth]
May 12 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: Failed password for invalid user dmdba from 209.38.21.233 port 34816 ssh2
May 12 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: Connection closed by 209.38.21.233 port 34816 [preauth]
May 12 12:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: Failed password for root from 117.40.119.252 port 41070 ssh2
May 12 12:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: Connection closed by 117.40.119.252 port 41070 [preauth]
May 12 12:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166  user=root
May 12 12:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: Invalid user git from 209.38.21.233
May 12 12:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: input_userauth_request: invalid user git [preauth]
May 12 12:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Failed password for root from 156.251.24.166 port 41490 ssh2
May 12 12:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Received disconnect from 156.251.24.166 port 41490:11: Bye Bye [preauth]
May 12 12:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Disconnected from 156.251.24.166 port 41490 [preauth]
May 12 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5380]: Failed password for root from 117.40.119.252 port 43924 ssh2
May 12 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5380]: Connection closed by 117.40.119.252 port 43924 [preauth]
May 12 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: Failed password for invalid user git from 209.38.21.233 port 39398 ssh2
May 12 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: Connection closed by 209.38.21.233 port 39398 [preauth]
May 12 12:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session closed for user p13x
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5481]: Successful su for rubyman by root
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5481]: + ??? root:rubyman
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378916 of user rubyman.
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: Failed password for root from 117.40.119.252 port 45604 ssh2
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5481]: pam_unix(su:session): session closed for user rubyman
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378916.
May 12 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: Connection closed by 117.40.119.252 port 45604 [preauth]
May 12 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: Failed password for root from 209.38.21.233 port 39408 ssh2
May 12 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: Connection closed by 209.38.21.233 port 39408 [preauth]
May 12 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2029]: pam_unix(cron:session): session closed for user root
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Failed password for root from 117.40.119.252 port 47351 ssh2
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Invalid user g from 209.38.21.233
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: input_userauth_request: invalid user g [preauth]
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Connection closed by 117.40.119.252 port 47351 [preauth]
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for root from 218.92.0.179 port 63794 ssh2
May 12 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user samftp
May 12 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Failed password for invalid user g from 209.38.21.233 port 45966 ssh2
May 12 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Connection closed by 209.38.21.233 port 45966 [preauth]
May 12 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for root from 218.92.0.179 port 63794 ssh2
May 12 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Failed password for root from 117.40.119.252 port 49174 ssh2
May 12 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Connection closed by 117.40.119.252 port 49174 [preauth]
May 12 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: Invalid user git from 209.38.21.233
May 12 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: input_userauth_request: invalid user git [preauth]
May 12 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for root from 218.92.0.179 port 63794 ssh2
May 12 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Received disconnect from 218.92.0.179 port 63794:11:  [preauth]
May 12 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Disconnected from 218.92.0.179 port 63794 [preauth]
May 12 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: Failed password for invalid user git from 209.38.21.233 port 45972 ssh2
May 12 12:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: Connection closed by 209.38.21.233 port 45972 [preauth]
May 12 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Failed password for root from 117.40.119.252 port 50762 ssh2
May 12 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Connection closed by 117.40.119.252 port 50762 [preauth]
May 12 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Invalid user debian from 209.38.21.233
May 12 12:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: input_userauth_request: invalid user debian [preauth]
May 12 12:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for root from 117.40.119.252 port 52891 ssh2
May 12 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Failed password for invalid user debian from 209.38.21.233 port 44398 ssh2
May 12 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Connection closed by 117.40.119.252 port 52891 [preauth]
May 12 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Connection closed by 209.38.21.233 port 44398 [preauth]
May 12 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Invalid user steam from 209.38.21.233
May 12 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: input_userauth_request: invalid user steam [preauth]
May 12 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for root from 117.40.119.252 port 54435 ssh2
May 12 12:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Connection closed by 117.40.119.252 port 54435 [preauth]
May 12 12:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Failed password for invalid user steam from 209.38.21.233 port 44404 ssh2
May 12 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Connection closed by 209.38.21.233 port 44404 [preauth]
May 12 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for root from 80.94.95.125 port 36918 ssh2
May 12 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Received disconnect from 80.94.95.125 port 36918:11: Bye [preauth]
May 12 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Disconnected from 80.94.95.125 port 36918 [preauth]
May 12 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Invalid user hadoop from 209.38.21.233
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: input_userauth_request: invalid user hadoop [preauth]
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Failed password for root from 117.40.119.252 port 56106 ssh2
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Connection closed by 117.40.119.252 port 56106 [preauth]
May 12 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Failed password for invalid user hadoop from 209.38.21.233 port 44416 ssh2
May 12 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Connection closed by 209.38.21.233 port 44416 [preauth]
May 12 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Failed password for root from 117.40.119.252 port 57901 ssh2
May 12 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Connection closed by 117.40.119.252 port 57901 [preauth]
May 12 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: Invalid user user from 209.38.21.233
May 12 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: input_userauth_request: invalid user user [preauth]
May 12 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Failed password for root from 117.40.119.252 port 59363 ssh2
May 12 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Connection closed by 117.40.119.252 port 59363 [preauth]
May 12 12:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: Failed password for invalid user user from 209.38.21.233 port 48532 ssh2
May 12 12:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5894]: Connection closed by 209.38.21.233 port 48532 [preauth]
May 12 12:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5902]: User mysql from 209.38.21.233 not allowed because not listed in AllowUsers
May 12 12:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5902]: input_userauth_request: invalid user mysql [preauth]
May 12 12:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=mysql
May 12 12:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4057]: pam_unix(cron:session): session closed for user root
May 12 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5902]: Failed password for invalid user mysql from 209.38.21.233 port 48544 ssh2
May 12 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5902]: Connection closed by 209.38.21.233 port 48544 [preauth]
May 12 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for root from 117.40.119.252 port 34781 ssh2
May 12 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Connection closed by 117.40.119.252 port 34781 [preauth]
May 12 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Invalid user user from 209.38.21.233
May 12 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: input_userauth_request: invalid user user [preauth]
May 12 12:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for invalid user user from 209.38.21.233 port 48414 ssh2
May 12 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Connection closed by 209.38.21.233 port 48414 [preauth]
May 12 12:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Failed password for root from 117.40.119.252 port 36336 ssh2
May 12 12:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Connection closed by 117.40.119.252 port 36336 [preauth]
May 12 12:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Invalid user elsearch from 209.38.21.233
May 12 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: input_userauth_request: invalid user elsearch [preauth]
May 12 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Failed password for invalid user elsearch from 209.38.21.233 port 48430 ssh2
May 12 12:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection closed by 209.38.21.233 port 48430 [preauth]
May 12 12:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for root from 117.40.119.252 port 38247 ssh2
May 12 12:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 117.40.119.252 port 38247 [preauth]
May 12 12:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Invalid user user1 from 209.38.21.233
May 12 12:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: input_userauth_request: invalid user user1 [preauth]
May 12 12:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Failed password for invalid user user1 from 209.38.21.233 port 55386 ssh2
May 12 12:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for root from 117.40.119.252 port 40351 ssh2
May 12 12:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Connection closed by 209.38.21.233 port 55386 [preauth]
May 12 12:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Connection closed by 117.40.119.252 port 40351 [preauth]
May 12 12:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Invalid user es from 209.38.21.233
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: input_userauth_request: invalid user es [preauth]
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Failed password for root from 117.40.119.252 port 41928 ssh2
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Connection closed by 117.40.119.252 port 41928 [preauth]
May 12 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Failed password for invalid user es from 209.38.21.233 port 55396 ssh2
May 12 12:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Connection closed by 209.38.21.233 port 55396 [preauth]
May 12 12:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Failed password for root from 117.40.119.252 port 43409 ssh2
May 12 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Connection closed by 117.40.119.252 port 43409 [preauth]
May 12 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Invalid user ubnt from 209.38.21.233
May 12 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: input_userauth_request: invalid user ubnt [preauth]
May 12 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Failed password for root from 117.40.119.252 port 44758 ssh2
May 12 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Failed password for invalid user ubnt from 209.38.21.233 port 55226 ssh2
May 12 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Connection closed by 117.40.119.252 port 44758 [preauth]
May 12 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Connection closed by 209.38.21.233 port 55226 [preauth]
May 12 12:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Invalid user zabbix from 209.38.21.233
May 12 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: input_userauth_request: invalid user zabbix [preauth]
May 12 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user p13x
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Failed password for invalid user zabbix from 209.38.21.233 port 55236 ssh2
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6094]: Successful su for rubyman by root
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6094]: + ??? root:rubyman
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378920 of user rubyman.
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6094]: pam_unix(su:session): session closed for user rubyman
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378920.
May 12 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Connection closed by 209.38.21.233 port 55236 [preauth]
May 12 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: Invalid user lighthouse from 209.38.21.233
May 12 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: input_userauth_request: invalid user lighthouse [preauth]
May 12 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session closed for user root
May 12 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: Failed password for invalid user lighthouse from 209.38.21.233 port 55258 ssh2
May 12 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session closed for user samftp
May 12 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: Connection closed by 209.38.21.233 port 55258 [preauth]
May 12 12:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: User backup from 209.38.21.233 not allowed because not listed in AllowUsers
May 12 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: input_userauth_request: invalid user backup [preauth]
May 12 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=backup
May 12 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Failed password for invalid user backup from 209.38.21.233 port 57492 ssh2
May 12 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Connection closed by 209.38.21.233 port 57492 [preauth]
May 12 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for root from 117.40.119.252 port 51475 ssh2
May 12 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Connection closed by 117.40.119.252 port 51475 [preauth]
May 12 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Invalid user apache from 209.38.21.233
May 12 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: input_userauth_request: invalid user apache [preauth]
May 12 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user apache from 209.38.21.233 port 57498 ssh2
May 12 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Connection closed by 209.38.21.233 port 57498 [preauth]
May 12 12:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Failed password for root from 117.40.119.252 port 53482 ssh2
May 12 12:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Connection closed by 117.40.119.252 port 53482 [preauth]
May 12 12:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: Invalid user postgres from 209.38.21.233
May 12 12:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: input_userauth_request: invalid user postgres [preauth]
May 12 12:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: Failed password for root from 117.40.119.252 port 55580 ssh2
May 12 12:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: Connection closed by 117.40.119.252 port 55580 [preauth]
May 12 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: Failed password for invalid user postgres from 209.38.21.233 port 35056 ssh2
May 12 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: Connection closed by 209.38.21.233 port 35056 [preauth]
May 12 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Invalid user dspace from 209.38.21.233
May 12 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: input_userauth_request: invalid user dspace [preauth]
May 12 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Failed password for root from 117.40.119.252 port 57330 ssh2
May 12 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Connection closed by 117.40.119.252 port 57330 [preauth]
May 12 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Failed password for invalid user dspace from 209.38.21.233 port 35068 ssh2
May 12 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Connection closed by 209.38.21.233 port 35068 [preauth]
May 12 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Failed password for root from 117.40.119.252 port 59006 ssh2
May 12 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Connection closed by 117.40.119.252 port 59006 [preauth]
May 12 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Invalid user gadmin from 190.103.202.7
May 12 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: input_userauth_request: invalid user gadmin [preauth]
May 12 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Failed password for root from 209.38.21.233 port 52968 ssh2
May 12 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 209.38.21.233 port 52968 [preauth]
May 12 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for invalid user gadmin from 190.103.202.7 port 47408 ssh2
May 12 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 190.103.202.7 port 47408 [preauth]
May 12 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Failed password for root from 117.40.119.252 port 60534 ssh2
May 12 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Connection closed by 117.40.119.252 port 60534 [preauth]
May 12 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Invalid user apache from 209.38.21.233
May 12 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: input_userauth_request: invalid user apache [preauth]
May 12 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for invalid user apache from 209.38.21.233 port 52976 ssh2
May 12 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Connection closed by 209.38.21.233 port 52976 [preauth]
May 12 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Failed password for root from 117.40.119.252 port 34504 ssh2
May 12 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Connection closed by 117.40.119.252 port 34504 [preauth]
May 12 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4722]: pam_unix(cron:session): session closed for user root
May 12 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Invalid user weblogic from 209.38.21.233
May 12 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: input_userauth_request: invalid user weblogic [preauth]
May 12 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Failed password for root from 117.40.119.252 port 36242 ssh2
May 12 12:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Connection closed by 117.40.119.252 port 36242 [preauth]
May 12 12:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Failed password for invalid user weblogic from 209.38.21.233 port 37806 ssh2
May 12 12:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Connection closed by 209.38.21.233 port 37806 [preauth]
May 12 12:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Failed password for root from 117.40.119.252 port 37993 ssh2
May 12 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Connection closed by 117.40.119.252 port 37993 [preauth]
May 12 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Failed password for root from 209.38.21.233 port 37816 ssh2
May 12 12:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Connection closed by 209.38.21.233 port 37816 [preauth]
May 12 12:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for root from 209.38.21.233 port 37822 ssh2
May 12 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Connection closed by 209.38.21.233 port 37822 [preauth]
May 12 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Failed password for root from 117.40.119.252 port 39358 ssh2
May 12 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Connection closed by 117.40.119.252 port 39358 [preauth]
May 12 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Invalid user observer from 209.38.21.233
May 12 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: input_userauth_request: invalid user observer [preauth]
May 12 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Failed password for root from 117.40.119.252 port 42255 ssh2
May 12 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Connection closed by 117.40.119.252 port 42255 [preauth]
May 12 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Failed password for invalid user observer from 209.38.21.233 port 43062 ssh2
May 12 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Connection closed by 209.38.21.233 port 43062 [preauth]
May 12 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Failed password for root from 117.40.119.252 port 44190 ssh2
May 12 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Connection closed by 117.40.119.252 port 44190 [preauth]
May 12 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Invalid user test2 from 209.38.21.233
May 12 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: input_userauth_request: invalid user test2 [preauth]
May 12 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Failed password for invalid user test2 from 209.38.21.233 port 43066 ssh2
May 12 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Connection closed by 209.38.21.233 port 43066 [preauth]
May 12 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for root from 117.40.119.252 port 45828 ssh2
May 12 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Connection closed by 117.40.119.252 port 45828 [preauth]
May 12 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Invalid user odoo16 from 209.38.21.233
May 12 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: input_userauth_request: invalid user odoo16 [preauth]
May 12 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: Failed password for root from 117.40.119.252 port 47376 ssh2
May 12 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: Connection closed by 117.40.119.252 port 47376 [preauth]
May 12 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user odoo16 from 209.38.21.233 port 49932 ssh2
May 12 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Connection closed by 209.38.21.233 port 49932 [preauth]
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6505]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6502]: pam_unix(cron:session): session closed for user p13x
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6561]: Successful su for rubyman by root
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6561]: + ??? root:rubyman
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378925 of user rubyman.
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6561]: pam_unix(su:session): session closed for user rubyman
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378925.
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Invalid user user2 from 209.38.21.233
May 12 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: input_userauth_request: invalid user user2 [preauth]
May 12 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Failed password for invalid user user2 from 209.38.21.233 port 49938 ssh2
May 12 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Connection closed by 209.38.21.233 port 49938 [preauth]
May 12 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
May 12 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6503]: pam_unix(cron:session): session closed for user samftp
May 12 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Invalid user tom from 209.38.21.233
May 12 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: input_userauth_request: invalid user tom [preauth]
May 12 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Failed password for root from 117.40.119.252 port 51457 ssh2
May 12 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Connection closed by 117.40.119.252 port 51457 [preauth]
May 12 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Failed password for invalid user tom from 209.38.21.233 port 43684 ssh2
May 12 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Connection closed by 209.38.21.233 port 43684 [preauth]
May 12 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Failed password for root from 117.40.119.252 port 53142 ssh2
May 12 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Connection closed by 117.40.119.252 port 53142 [preauth]
May 12 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Invalid user debian from 209.38.21.233
May 12 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: input_userauth_request: invalid user debian [preauth]
May 12 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for invalid user debian from 209.38.21.233 port 43708 ssh2
May 12 12:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Connection closed by 209.38.21.233 port 43708 [preauth]
May 12 12:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Invalid user docker from 209.38.21.233
May 12 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: input_userauth_request: invalid user docker [preauth]
May 12 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Failed password for root from 117.40.119.252 port 56666 ssh2
May 12 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Failed password for invalid user docker from 209.38.21.233 port 57698 ssh2
May 12 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Connection closed by 117.40.119.252 port 56666 [preauth]
May 12 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Connection closed by 209.38.21.233 port 57698 [preauth]
May 12 12:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Failed password for root from 209.38.21.233 port 57714 ssh2
May 12 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Connection closed by 209.38.21.233 port 57714 [preauth]
May 12 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Failed password for root from 117.40.119.252 port 58074 ssh2
May 12 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Connection closed by 117.40.119.252 port 58074 [preauth]
May 12 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for root from 209.38.21.233 port 57420 ssh2
May 12 12:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection closed by 209.38.21.233 port 57420 [preauth]
May 12 12:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for root from 117.40.119.252 port 32786 ssh2
May 12 12:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Connection closed by 117.40.119.252 port 32786 [preauth]
May 12 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Failed password for root from 209.38.21.233 port 57424 ssh2
May 12 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Connection closed by 209.38.21.233 port 57424 [preauth]
May 12 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user root
May 12 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Invalid user oscar from 209.38.21.233
May 12 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: input_userauth_request: invalid user oscar [preauth]
May 12 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for root from 117.40.119.252 port 35021 ssh2
May 12 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Connection closed by 117.40.119.252 port 35021 [preauth]
May 12 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Failed password for invalid user oscar from 209.38.21.233 port 57434 ssh2
May 12 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Connection closed by 209.38.21.233 port 57434 [preauth]
May 12 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Invalid user nvidia from 209.38.21.233
May 12 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: input_userauth_request: invalid user nvidia [preauth]
May 12 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Failed password for invalid user nvidia from 209.38.21.233 port 37592 ssh2
May 12 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Connection closed by 209.38.21.233 port 37592 [preauth]
May 12 12:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Failed password for root from 117.40.119.252 port 40422 ssh2
May 12 12:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Connection closed by 117.40.119.252 port 40422 [preauth]
May 12 12:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Failed password for root from 117.40.119.252 port 41974 ssh2
May 12 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Connection closed by 117.40.119.252 port 41974 [preauth]
May 12 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Failed password for root from 209.38.21.233 port 37612 ssh2
May 12 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Connection closed by 209.38.21.233 port 37612 [preauth]
May 12 12:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for root from 117.40.119.252 port 43396 ssh2
May 12 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Connection closed by 117.40.119.252 port 43396 [preauth]
May 12 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7016]: Failed password for root from 209.38.21.233 port 52682 ssh2
May 12 12:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7016]: Connection closed by 209.38.21.233 port 52682 [preauth]
May 12 12:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Invalid user dolphinscheduler from 209.38.21.233
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Failed password for root from 117.40.119.252 port 45435 ssh2
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Connection closed by 117.40.119.252 port 45435 [preauth]
May 12 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Failed password for invalid user dolphinscheduler from 209.38.21.233 port 52698 ssh2
May 12 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Connection closed by 209.38.21.233 port 52698 [preauth]
May 12 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for root from 117.40.119.252 port 46976 ssh2
May 12 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Connection closed by 117.40.119.252 port 46976 [preauth]
May 12 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Invalid user ubuntu from 209.38.21.233
May 12 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: input_userauth_request: invalid user ubuntu [preauth]
May 12 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Failed password for invalid user ubuntu from 209.38.21.233 port 45428 ssh2
May 12 12:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Connection closed by 209.38.21.233 port 45428 [preauth]
May 12 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for root from 117.40.119.252 port 48637 ssh2
May 12 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Connection closed by 117.40.119.252 port 48637 [preauth]
May 12 12:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: User proxy from 209.38.21.233 not allowed because not listed in AllowUsers
May 12 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: input_userauth_request: invalid user proxy [preauth]
May 12 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=proxy
May 12 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7074]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7071]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7072]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7073]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7074]: pam_unix(cron:session): session closed for user root
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7066]: pam_unix(cron:session): session closed for user p13x
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7153]: Successful su for rubyman by root
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7153]: + ??? root:rubyman
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378929 of user rubyman.
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7153]: pam_unix(su:session): session closed for user rubyman
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378929.
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for invalid user proxy from 209.38.21.233 port 45436 ssh2
May 12 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Connection closed by 209.38.21.233 port 45436 [preauth]
May 12 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7071]: pam_unix(cron:session): session closed for user root
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3529]: pam_unix(cron:session): session closed for user root
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Invalid user test from 209.38.21.233
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: input_userauth_request: invalid user test [preauth]
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Failed password for root from 117.40.119.252 port 52788 ssh2
May 12 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Connection closed by 117.40.119.252 port 52788 [preauth]
May 12 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for invalid user test from 209.38.21.233 port 37384 ssh2
May 12 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Connection closed by 209.38.21.233 port 37384 [preauth]
May 12 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7068]: pam_unix(cron:session): session closed for user samftp
May 12 12:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Failed password for root from 209.38.21.233 port 37388 ssh2
May 12 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Connection closed by 209.38.21.233 port 37388 [preauth]
May 12 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for root from 117.40.119.252 port 54382 ssh2
May 12 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Connection closed by 117.40.119.252 port 54382 [preauth]
May 12 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: Invalid user postgres from 209.38.21.233
May 12 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: input_userauth_request: invalid user postgres [preauth]
May 12 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Failed password for root from 117.40.119.252 port 57467 ssh2
May 12 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: Failed password for invalid user postgres from 209.38.21.233 port 37394 ssh2
May 12 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Connection closed by 117.40.119.252 port 57467 [preauth]
May 12 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: Connection closed by 209.38.21.233 port 37394 [preauth]
May 12 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Invalid user ubuntu from 209.38.21.233
May 12 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: input_userauth_request: invalid user ubuntu [preauth]
May 12 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for invalid user ubuntu from 209.38.21.233 port 46224 ssh2
May 12 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 209.38.21.233 port 46224 [preauth]
May 12 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Failed password for root from 206.172.46.162 port 52378 ssh2
May 12 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Received disconnect from 206.172.46.162 port 52378:11: Bye Bye [preauth]
May 12 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Disconnected from 206.172.46.162 port 52378 [preauth]
May 12 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Failed password for root from 209.38.21.233 port 46236 ssh2
May 12 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Connection closed by 209.38.21.233 port 46236 [preauth]
May 12 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for root from 117.40.119.252 port 33519 ssh2
May 12 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 117.40.119.252 port 33519 [preauth]
May 12 12:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Invalid user tools from 209.38.21.233
May 12 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: input_userauth_request: invalid user tools [preauth]
May 12 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Failed password for invalid user tools from 209.38.21.233 port 52482 ssh2
May 12 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Connection closed by 209.38.21.233 port 52482 [preauth]
May 12 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Invalid user dmdba from 209.38.21.233
May 12 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: input_userauth_request: invalid user dmdba [preauth]
May 12 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session closed for user root
May 12 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 218.92.0.232 port 45910 ssh2
May 12 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7600]: Failed password for root from 117.40.119.252 port 38277 ssh2
May 12 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Failed password for invalid user dmdba from 209.38.21.233 port 52530 ssh2
May 12 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7600]: Connection closed by 117.40.119.252 port 38277 [preauth]
May 12 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Connection closed by 209.38.21.233 port 52530 [preauth]
May 12 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Invalid user amir from 209.38.21.233
May 12 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: input_userauth_request: invalid user amir [preauth]
May 12 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 218.92.0.232 port 45910 ssh2
May 12 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Failed password for root from 117.40.119.252 port 39844 ssh2
May 12 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Connection closed by 117.40.119.252 port 39844 [preauth]
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 218.92.0.232 port 45910 ssh2
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Failed password for invalid user amir from 209.38.21.233 port 44734 ssh2
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Received disconnect from 218.92.0.232 port 45910:11:  [preauth]
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Disconnected from 218.92.0.232 port 45910 [preauth]
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Connection closed by 209.38.21.233 port 44734 [preauth]
May 12 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Invalid user user from 209.38.21.233
May 12 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: input_userauth_request: invalid user user [preauth]
May 12 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Failed password for root from 117.40.119.252 port 41428 ssh2
May 12 12:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Connection closed by 117.40.119.252 port 41428 [preauth]
May 12 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Failed password for root from 218.92.0.232 port 44204 ssh2
May 12 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Failed password for invalid user user from 209.38.21.233 port 44736 ssh2
May 12 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Connection closed by 209.38.21.233 port 44736 [preauth]
May 12 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: Invalid user kingbase from 209.38.21.233
May 12 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: input_userauth_request: invalid user kingbase [preauth]
May 12 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Failed password for root from 218.92.0.232 port 44204 ssh2
May 12 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: Failed password for invalid user kingbase from 209.38.21.233 port 38458 ssh2
May 12 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: Connection closed by 209.38.21.233 port 38458 [preauth]
May 12 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Failed password for root from 218.92.0.232 port 44204 ssh2
May 12 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Received disconnect from 218.92.0.232 port 44204:11:  [preauth]
May 12 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Disconnected from 218.92.0.232 port 44204 [preauth]
May 12 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7699]: Failed password for root from 117.40.119.252 port 45730 ssh2
May 12 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7699]: Connection closed by 117.40.119.252 port 45730 [preauth]
May 12 12:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: Failed password for root from 209.38.21.233 port 38484 ssh2
May 12 12:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: Connection closed by 209.38.21.233 port 38484 [preauth]
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Invalid user developer from 209.38.21.233
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: input_userauth_request: invalid user developer [preauth]
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7704]: Failed password for root from 117.40.119.252 port 48489 ssh2
May 12 12:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Failed password for invalid user developer from 209.38.21.233 port 38490 ssh2
May 12 12:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7704]: Connection closed by 117.40.119.252 port 48489 [preauth]
May 12 12:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Connection closed by 209.38.21.233 port 38490 [preauth]
May 12 12:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7720]: Failed password for root from 117.40.119.252 port 50733 ssh2
May 12 12:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7720]: Connection closed by 117.40.119.252 port 50733 [preauth]
May 12 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Failed password for root from 209.38.21.233 port 45068 ssh2
May 12 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Connection closed by 209.38.21.233 port 45068 [preauth]
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7743]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7740]: pam_unix(cron:session): session closed for user p13x
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: Successful su for rubyman by root
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: + ??? root:rubyman
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378933 of user rubyman.
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: pam_unix(su:session): session closed for user rubyman
May 12 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378933.
May 12 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Failed password for root from 117.40.119.252 port 52326 ssh2
May 12 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Connection closed by 117.40.119.252 port 52326 [preauth]
May 12 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: Failed password for root from 209.38.21.233 port 45080 ssh2
May 12 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: Connection closed by 209.38.21.233 port 45080 [preauth]
May 12 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4056]: pam_unix(cron:session): session closed for user root
May 12 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7741]: pam_unix(cron:session): session closed for user samftp
May 12 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7960]: Failed password for root from 117.40.119.252 port 54560 ssh2
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: Invalid user hadoop from 209.38.21.233
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: input_userauth_request: invalid user hadoop [preauth]
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7960]: Connection closed by 117.40.119.252 port 54560 [preauth]
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: Failed password for root from 218.92.0.232 port 46404 ssh2
May 12 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: Failed password for invalid user hadoop from 209.38.21.233 port 38898 ssh2
May 12 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: Failed password for root from 218.92.0.232 port 46404 ssh2
May 12 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: Connection closed by 209.38.21.233 port 38898 [preauth]
May 12 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8018]: Failed password for root from 117.40.119.252 port 56160 ssh2
May 12 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8018]: Connection closed by 117.40.119.252 port 56160 [preauth]
May 12 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: Invalid user user1 from 209.38.21.233
May 12 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: input_userauth_request: invalid user user1 [preauth]
May 12 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Failed password for root from 117.40.119.252 port 57706 ssh2
May 12 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Connection closed by 117.40.119.252 port 57706 [preauth]
May 12 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: Failed password for invalid user user1 from 209.38.21.233 port 38908 ssh2
May 12 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: Connection closed by 209.38.21.233 port 38908 [preauth]
May 12 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Failed password for root from 117.40.119.252 port 59249 ssh2
May 12 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Invalid user hadoop from 209.38.21.233
May 12 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: input_userauth_request: invalid user hadoop [preauth]
May 12 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Connection closed by 117.40.119.252 port 59249 [preauth]
May 12 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: Received disconnect from 218.92.0.232 port 46404:11:  [preauth]
May 12 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: Disconnected from 218.92.0.232 port 46404 [preauth]
May 12 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7937]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Failed password for invalid user hadoop from 209.38.21.233 port 46348 ssh2
May 12 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Connection closed by 209.38.21.233 port 46348 [preauth]
May 12 12:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Failed password for root from 117.40.119.252 port 60472 ssh2
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Connection closed by 117.40.119.252 port 60472 [preauth]
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: Invalid user opc from 209.38.21.233
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: input_userauth_request: invalid user opc [preauth]
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: Failed password for invalid user opc from 209.38.21.233 port 46358 ssh2
May 12 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: Connection closed by 209.38.21.233 port 46358 [preauth]
May 12 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Failed password for root from 117.40.119.252 port 34159 ssh2
May 12 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Connection closed by 117.40.119.252 port 34159 [preauth]
May 12 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: Invalid user ts from 209.38.21.233
May 12 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: input_userauth_request: invalid user ts [preauth]
May 12 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: Failed password for invalid user ts from 209.38.21.233 port 41402 ssh2
May 12 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: Connection closed by 209.38.21.233 port 41402 [preauth]
May 12 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Failed password for root from 117.40.119.252 port 35694 ssh2
May 12 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Connection closed by 117.40.119.252 port 35694 [preauth]
May 12 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Failed password for root from 117.40.119.252 port 37764 ssh2
May 12 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Connection closed by 117.40.119.252 port 37764 [preauth]
May 12 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: Failed password for root from 209.38.21.233 port 41412 ssh2
May 12 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: Connection closed by 209.38.21.233 port 41412 [preauth]
May 12 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6505]: pam_unix(cron:session): session closed for user root
May 12 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Failed password for root from 117.40.119.252 port 39329 ssh2
May 12 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Connection closed by 117.40.119.252 port 39329 [preauth]
May 12 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: Invalid user lighthouse from 209.38.21.233
May 12 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: input_userauth_request: invalid user lighthouse [preauth]
May 12 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: Failed password for invalid user lighthouse from 209.38.21.233 port 41418 ssh2
May 12 12:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8155]: Connection closed by 209.38.21.233 port 41418 [preauth]
May 12 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Failed password for root from 117.40.119.252 port 40693 ssh2
May 12 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Connection closed by 117.40.119.252 port 40693 [preauth]
May 12 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Invalid user app from 209.38.21.233
May 12 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: input_userauth_request: invalid user app [preauth]
May 12 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Failed password for invalid user app from 209.38.21.233 port 48250 ssh2
May 12 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Connection closed by 209.38.21.233 port 48250 [preauth]
May 12 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Failed password for root from 209.38.21.233 port 48260 ssh2
May 12 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Connection closed by 209.38.21.233 port 48260 [preauth]
May 12 12:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Failed password for root from 117.40.119.252 port 44470 ssh2
May 12 12:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Connection closed by 117.40.119.252 port 44470 [preauth]
May 12 12:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Invalid user wang from 209.38.21.233
May 12 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: input_userauth_request: invalid user wang [preauth]
May 12 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: Failed password for root from 117.40.119.252 port 46489 ssh2
May 12 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: Connection closed by 117.40.119.252 port 46489 [preauth]
May 12 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Failed password for invalid user wang from 209.38.21.233 port 38360 ssh2
May 12 12:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Connection closed by 209.38.21.233 port 38360 [preauth]
May 12 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Invalid user gitlab from 209.38.21.233
May 12 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: input_userauth_request: invalid user gitlab [preauth]
May 12 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Failed password for invalid user gitlab from 209.38.21.233 port 38366 ssh2
May 12 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Connection closed by 209.38.21.233 port 38366 [preauth]
May 12 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: Invalid user gpuadmin from 209.38.21.233
May 12 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: input_userauth_request: invalid user gpuadmin [preauth]
May 12 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Failed password for root from 117.40.119.252 port 50661 ssh2
May 12 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Connection closed by 117.40.119.252 port 50661 [preauth]
May 12 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: Failed password for invalid user gpuadmin from 209.38.21.233 port 33728 ssh2
May 12 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8233]: Connection closed by 209.38.21.233 port 33728 [preauth]
May 12 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Invalid user minecraft from 209.38.21.233
May 12 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: input_userauth_request: invalid user minecraft [preauth]
May 12 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8248]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8246]: pam_unix(cron:session): session closed for user p13x
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8305]: Successful su for rubyman by root
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8305]: + ??? root:rubyman
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378939 of user rubyman.
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8305]: pam_unix(su:session): session closed for user rubyman
May 12 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378939.
May 12 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Failed password for invalid user minecraft from 209.38.21.233 port 33738 ssh2
May 12 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Connection closed by 209.38.21.233 port 33738 [preauth]
May 12 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4720]: pam_unix(cron:session): session closed for user root
May 12 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Invalid user es from 209.38.21.233
May 12 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: input_userauth_request: invalid user es [preauth]
May 12 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8247]: pam_unix(cron:session): session closed for user samftp
May 12 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Failed password for root from 117.40.119.252 port 54699 ssh2
May 12 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Connection closed by 117.40.119.252 port 54699 [preauth]
May 12 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Failed password for invalid user es from 209.38.21.233 port 48816 ssh2
May 12 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Connection closed by 209.38.21.233 port 48816 [preauth]
May 12 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Invalid user elasticsearch from 209.38.21.233
May 12 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Failed password for root from 117.40.119.252 port 56751 ssh2
May 12 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Connection closed by 117.40.119.252 port 56751 [preauth]
May 12 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Failed password for invalid user elasticsearch from 209.38.21.233 port 48830 ssh2
May 12 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Connection closed by 209.38.21.233 port 48830 [preauth]
May 12 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Failed password for root from 117.40.119.252 port 57984 ssh2
May 12 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Connection closed by 117.40.119.252 port 57984 [preauth]
May 12 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Invalid user steam from 209.38.21.233
May 12 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: input_userauth_request: invalid user steam [preauth]
May 12 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Failed password for invalid user steam from 209.38.21.233 port 33168 ssh2
May 12 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Connection closed by 209.38.21.233 port 33168 [preauth]
May 12 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Failed password for root from 117.40.119.252 port 59620 ssh2
May 12 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Connection closed by 117.40.119.252 port 59620 [preauth]
May 12 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: Invalid user kubernetes from 209.38.21.233
May 12 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: input_userauth_request: invalid user kubernetes [preauth]
May 12 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: Failed password for invalid user kubernetes from 209.38.21.233 port 33174 ssh2
May 12 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: Connection closed by 209.38.21.233 port 33174 [preauth]
May 12 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Invalid user elastic from 209.38.21.233
May 12 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: input_userauth_request: invalid user elastic [preauth]
May 12 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Failed password for root from 117.40.119.252 port 33453 ssh2
May 12 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Connection closed by 117.40.119.252 port 33453 [preauth]
May 12 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Failed password for invalid user elastic from 209.38.21.233 port 33180 ssh2
May 12 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Connection closed by 209.38.21.233 port 33180 [preauth]
May 12 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: Invalid user centos from 209.38.21.233
May 12 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: input_userauth_request: invalid user centos [preauth]
May 12 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: Failed password for invalid user centos from 209.38.21.233 port 40868 ssh2
May 12 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Failed password for root from 117.40.119.252 port 36474 ssh2
May 12 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8597]: Connection closed by 209.38.21.233 port 40868 [preauth]
May 12 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Connection closed by 117.40.119.252 port 36474 [preauth]
May 12 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Invalid user gitlab from 209.38.21.233
May 12 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: input_userauth_request: invalid user gitlab [preauth]
May 12 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: Failed password for root from 117.40.119.252 port 39331 ssh2
May 12 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: Connection closed by 117.40.119.252 port 39331 [preauth]
May 12 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7073]: pam_unix(cron:session): session closed for user root
May 12 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Failed password for invalid user gitlab from 209.38.21.233 port 40888 ssh2
May 12 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Connection closed by 209.38.21.233 port 40888 [preauth]
May 12 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Invalid user debian from 209.38.21.233
May 12 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: input_userauth_request: invalid user debian [preauth]
May 12 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: Failed password for root from 117.40.119.252 port 40738 ssh2
May 12 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: Connection closed by 117.40.119.252 port 40738 [preauth]
May 12 12:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Failed password for invalid user debian from 209.38.21.233 port 60812 ssh2
May 12 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Connection closed by 209.38.21.233 port 60812 [preauth]
May 12 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Invalid user www from 209.38.21.233
May 12 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: input_userauth_request: invalid user www [preauth]
May 12 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Failed password for root from 117.40.119.252 port 42842 ssh2
May 12 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Connection closed by 117.40.119.252 port 42842 [preauth]
May 12 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Failed password for invalid user www from 209.38.21.233 port 60828 ssh2
May 12 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Connection closed by 209.38.21.233 port 60828 [preauth]
May 12 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Invalid user esuser from 209.38.21.233
May 12 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: input_userauth_request: invalid user esuser [preauth]
May 12 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Failed password for invalid user esuser from 209.38.21.233 port 38020 ssh2
May 12 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Connection closed by 209.38.21.233 port 38020 [preauth]
May 12 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: Invalid user wso2 from 209.38.21.233
May 12 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: input_userauth_request: invalid user wso2 [preauth]
May 12 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Failed password for root from 117.40.119.252 port 47530 ssh2
May 12 12:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Connection closed by 117.40.119.252 port 47530 [preauth]
May 12 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: Failed password for invalid user wso2 from 209.38.21.233 port 38036 ssh2
May 12 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: Connection closed by 209.38.21.233 port 38036 [preauth]
May 12 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: Failed password for root from 209.38.21.233 port 37018 ssh2
May 12 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Failed password for root from 117.40.119.252 port 49713 ssh2
May 12 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: Connection closed by 209.38.21.233 port 37018 [preauth]
May 12 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Connection closed by 117.40.119.252 port 49713 [preauth]
May 12 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Invalid user master from 209.38.21.233
May 12 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: input_userauth_request: invalid user master [preauth]
May 12 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8726]: Failed password for root from 117.40.119.252 port 52860 ssh2
May 12 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8726]: Connection closed by 117.40.119.252 port 52860 [preauth]
May 12 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8736]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session closed for user p13x
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Failed password for invalid user master from 209.38.21.233 port 37044 ssh2
May 12 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Connection closed by 209.38.21.233 port 37044 [preauth]
May 12 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: Successful su for rubyman by root
May 12 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: + ??? root:rubyman
May 12 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378941 of user rubyman.
May 12 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: pam_unix(su:session): session closed for user rubyman
May 12 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378941.
May 12 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for root from 117.40.119.252 port 54353 ssh2
May 12 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Connection closed by 117.40.119.252 port 54353 [preauth]
May 12 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user root
May 12 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8885]: Failed password for root from 209.38.21.233 port 39804 ssh2
May 12 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session closed for user samftp
May 12 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8885]: Connection closed by 209.38.21.233 port 39804 [preauth]
May 12 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Invalid user administrator from 209.38.21.233
May 12 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: input_userauth_request: invalid user administrator [preauth]
May 12 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Failed password for root from 117.40.119.252 port 55977 ssh2
May 12 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Connection closed by 117.40.119.252 port 55977 [preauth]
May 12 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Failed password for invalid user administrator from 209.38.21.233 port 39806 ssh2
May 12 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Connection closed by 209.38.21.233 port 39806 [preauth]
May 12 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Invalid user plex from 209.38.21.233
May 12 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: input_userauth_request: invalid user plex [preauth]
May 12 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: Failed password for root from 117.40.119.252 port 59364 ssh2
May 12 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: Connection closed by 117.40.119.252 port 59364 [preauth]
May 12 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Failed password for invalid user plex from 209.38.21.233 port 39820 ssh2
May 12 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Connection closed by 209.38.21.233 port 39820 [preauth]
May 12 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Failed password for root from 117.40.119.252 port 32769 ssh2
May 12 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Connection closed by 117.40.119.252 port 32769 [preauth]
May 12 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Failed password for root from 209.38.21.233 port 36956 ssh2
May 12 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Failed password for root from 117.40.119.252 port 34160 ssh2
May 12 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Connection closed by 209.38.21.233 port 36956 [preauth]
May 12 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Connection closed by 117.40.119.252 port 34160 [preauth]
May 12 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Failed password for root from 117.40.119.252 port 35760 ssh2
May 12 12:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Connection closed by 117.40.119.252 port 35760 [preauth]
May 12 12:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Failed password for root from 209.38.21.233 port 36968 ssh2
May 12 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Connection closed by 209.38.21.233 port 36968 [preauth]
May 12 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Failed password for root from 117.40.119.252 port 37055 ssh2
May 12 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Connection closed by 117.40.119.252 port 37055 [preauth]
May 12 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Invalid user steam from 209.38.21.233
May 12 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: input_userauth_request: invalid user steam [preauth]
May 12 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Failed password for invalid user steam from 209.38.21.233 port 35688 ssh2
May 12 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Connection closed by 209.38.21.233 port 35688 [preauth]
May 12 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Failed password for root from 117.40.119.252 port 38713 ssh2
May 12 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Connection closed by 117.40.119.252 port 38713 [preauth]
May 12 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Invalid user oracle from 209.38.21.233
May 12 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: input_userauth_request: invalid user oracle [preauth]
May 12 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9085]: Failed password for root from 117.40.119.252 port 40381 ssh2
May 12 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9085]: Connection closed by 117.40.119.252 port 40381 [preauth]
May 12 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session closed for user root
May 12 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Failed password for invalid user oracle from 209.38.21.233 port 35698 ssh2
May 12 12:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Connection closed by 209.38.21.233 port 35698 [preauth]
May 12 12:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Invalid user kingbase from 209.38.21.233
May 12 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: input_userauth_request: invalid user kingbase [preauth]
May 12 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Failed password for root from 117.40.119.252 port 41703 ssh2
May 12 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Connection closed by 117.40.119.252 port 41703 [preauth]
May 12 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Failed password for invalid user kingbase from 209.38.21.233 port 53694 ssh2
May 12 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Connection closed by 209.38.21.233 port 53694 [preauth]
May 12 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Failed password for root from 117.40.119.252 port 43794 ssh2
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Connection closed by 117.40.119.252 port 43794 [preauth]
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Invalid user odoo from 209.38.21.233
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: input_userauth_request: invalid user odoo [preauth]
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user odoo from 209.38.21.233 port 53710 ssh2
May 12 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Failed password for root from 117.40.119.252 port 45163 ssh2
May 12 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Connection closed by 117.40.119.252 port 45163 [preauth]
May 12 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Connection closed by 209.38.21.233 port 53710 [preauth]
May 12 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: Invalid user user from 209.38.21.233
May 12 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: input_userauth_request: invalid user user [preauth]
May 12 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9227]: Failed password for root from 117.40.119.252 port 46585 ssh2
May 12 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9227]: Connection closed by 117.40.119.252 port 46585 [preauth]
May 12 12:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: Failed password for invalid user user from 209.38.21.233 port 51396 ssh2
May 12 12:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: Connection closed by 209.38.21.233 port 51396 [preauth]
May 12 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: Invalid user user2 from 209.38.21.233
May 12 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: input_userauth_request: invalid user user2 [preauth]
May 12 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: Failed password for root from 117.40.119.252 port 48385 ssh2
May 12 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: Connection closed by 117.40.119.252 port 48385 [preauth]
May 12 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: Failed password for invalid user user2 from 209.38.21.233 port 51408 ssh2
May 12 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9256]: Connection closed by 209.38.21.233 port 51408 [preauth]
May 12 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Failed password for root from 117.40.119.252 port 50333 ssh2
May 12 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Connection closed by 117.40.119.252 port 50333 [preauth]
May 12 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Invalid user test from 209.38.21.233
May 12 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: input_userauth_request: invalid user test [preauth]
May 12 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Invalid user admin from 156.251.24.166
May 12 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: input_userauth_request: invalid user admin [preauth]
May 12 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 12:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Failed password for invalid user test from 209.38.21.233 port 54900 ssh2
May 12 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Connection closed by 209.38.21.233 port 54900 [preauth]
May 12 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Failed password for invalid user admin from 156.251.24.166 port 49172 ssh2
May 12 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Received disconnect from 156.251.24.166 port 49172:11: Bye Bye [preauth]
May 12 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Disconnected from 156.251.24.166 port 49172 [preauth]
May 12 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: Failed password for root from 209.38.21.233 port 54904 ssh2
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9328]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9327]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: Connection closed by 209.38.21.233 port 54904 [preauth]
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9325]: pam_unix(cron:session): session closed for user p13x
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: Successful su for rubyman by root
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: + ??? root:rubyman
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378945 of user rubyman.
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: pam_unix(su:session): session closed for user rubyman
May 12 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378945.
May 12 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session closed for user root
May 12 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Invalid user jms from 209.38.21.233
May 12 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: input_userauth_request: invalid user jms [preauth]
May 12 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user root
May 12 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Failed password for invalid user jms from 209.38.21.233 port 54908 ssh2
May 12 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Connection closed by 209.38.21.233 port 54908 [preauth]
May 12 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: Failed password for root from 117.40.119.252 port 56589 ssh2
May 12 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9326]: pam_unix(cron:session): session closed for user samftp
May 12 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: Connection closed by 117.40.119.252 port 56589 [preauth]
May 12 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Invalid user nginx from 209.38.21.233
May 12 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: input_userauth_request: invalid user nginx [preauth]
May 12 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Failed password for root from 117.40.119.252 port 58214 ssh2
May 12 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Connection closed by 117.40.119.252 port 58214 [preauth]
May 12 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for invalid user nginx from 209.38.21.233 port 41500 ssh2
May 12 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Connection closed by 209.38.21.233 port 41500 [preauth]
May 12 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Invalid user elastic from 209.38.21.233
May 12 12:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: input_userauth_request: invalid user elastic [preauth]
May 12 12:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Failed password for root from 117.40.119.252 port 59754 ssh2
May 12 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Connection closed by 117.40.119.252 port 59754 [preauth]
May 12 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Failed password for invalid user elastic from 209.38.21.233 port 41512 ssh2
May 12 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Connection closed by 209.38.21.233 port 41512 [preauth]
May 12 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Failed password for root from 209.38.21.233 port 55204 ssh2
May 12 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Connection closed by 209.38.21.233 port 55204 [preauth]
May 12 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Failed password for root from 117.40.119.252 port 35966 ssh2
May 12 12:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Connection closed by 117.40.119.252 port 35966 [preauth]
May 12 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: Failed password for root from 209.38.21.233 port 55210 ssh2
May 12 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: Connection closed by 209.38.21.233 port 55210 [preauth]
May 12 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: Invalid user ftpuser from 209.38.21.233
May 12 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: input_userauth_request: invalid user ftpuser [preauth]
May 12 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Failed password for root from 117.40.119.252 port 37939 ssh2
May 12 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Connection closed by 117.40.119.252 port 37939 [preauth]
May 12 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: Failed password for invalid user ftpuser from 209.38.21.233 port 47800 ssh2
May 12 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: Connection closed by 209.38.21.233 port 47800 [preauth]
May 12 12:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Invalid user ftpuser from 209.38.21.233
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: input_userauth_request: invalid user ftpuser [preauth]
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: Failed password for root from 117.40.119.252 port 39988 ssh2
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: Connection closed by 117.40.119.252 port 39988 [preauth]
May 12 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Failed password for invalid user ftpuser from 209.38.21.233 port 47812 ssh2
May 12 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Connection closed by 209.38.21.233 port 47812 [preauth]
May 12 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8249]: pam_unix(cron:session): session closed for user root
May 12 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: Failed password for root from 117.40.119.252 port 41993 ssh2
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: Connection closed by 117.40.119.252 port 41993 [preauth]
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Invalid user oracle from 209.38.21.233
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: input_userauth_request: invalid user oracle [preauth]
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Failed password for invalid user oracle from 209.38.21.233 port 37778 ssh2
May 12 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Connection closed by 209.38.21.233 port 37778 [preauth]
May 12 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: Failed password for root from 117.40.119.252 port 43533 ssh2
May 12 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: Connection closed by 117.40.119.252 port 43533 [preauth]
May 12 12:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: Invalid user pi from 209.38.21.233
May 12 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: input_userauth_request: invalid user pi [preauth]
May 12 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Failed password for root from 117.40.119.252 port 45038 ssh2
May 12 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Connection closed by 117.40.119.252 port 45038 [preauth]
May 12 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: Failed password for invalid user pi from 209.38.21.233 port 37788 ssh2
May 12 12:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9796]: Connection closed by 209.38.21.233 port 37788 [preauth]
May 12 12:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Failed password for root from 117.40.119.252 port 46661 ssh2
May 12 12:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Connection closed by 117.40.119.252 port 46661 [preauth]
May 12 12:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: Failed password for root from 209.38.21.233 port 37808 ssh2
May 12 12:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: Connection closed by 209.38.21.233 port 37808 [preauth]
May 12 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Invalid user admin from 209.38.21.233
May 12 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: input_userauth_request: invalid user admin [preauth]
May 12 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Failed password for invalid user admin from 209.38.21.233 port 53378 ssh2
May 12 12:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Connection closed by 209.38.21.233 port 53378 [preauth]
May 12 12:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for root from 209.38.21.233 port 53392 ssh2
May 12 12:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Connection closed by 209.38.21.233 port 53392 [preauth]
May 12 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Failed password for root from 117.40.119.252 port 53259 ssh2
May 12 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Connection closed by 117.40.119.252 port 53259 [preauth]
May 12 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Failed password for root from 209.38.21.233 port 49454 ssh2
May 12 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Connection closed by 209.38.21.233 port 49454 [preauth]
May 12 12:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Failed password for root from 117.40.119.252 port 54746 ssh2
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Connection closed by 117.40.119.252 port 54746 [preauth]
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9872]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9874]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session closed for user root
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session closed for user p13x
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: Successful su for rubyman by root
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: + ??? root:rubyman
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378950 of user rubyman.
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: pam_unix(su:session): session closed for user rubyman
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378950.
May 12 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Failed password for root from 209.38.21.233 port 49460 ssh2
May 12 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Connection closed by 209.38.21.233 port 49460 [preauth]
May 12 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Failed password for root from 117.40.119.252 port 56865 ssh2
May 12 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Connection closed by 117.40.119.252 port 56865 [preauth]
May 12 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9872]: pam_unix(cron:session): session closed for user root
May 12 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session closed for user root
May 12 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9871]: pam_unix(cron:session): session closed for user samftp
May 12 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Failed password for root from 209.38.21.233 port 54670 ssh2
May 12 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Connection closed by 209.38.21.233 port 54670 [preauth]
May 12 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: Failed password for root from 117.40.119.252 port 58420 ssh2
May 12 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: Connection closed by 117.40.119.252 port 58420 [preauth]
May 12 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Invalid user docker from 209.38.21.233
May 12 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: input_userauth_request: invalid user docker [preauth]
May 12 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Failed password for root from 117.40.119.252 port 60591 ssh2
May 12 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Connection closed by 117.40.119.252 port 60591 [preauth]
May 12 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for invalid user docker from 209.38.21.233 port 54696 ssh2
May 12 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 209.38.21.233 port 54696 [preauth]
May 12 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: Failed password for root from 117.40.119.252 port 33791 ssh2
May 12 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: Connection closed by 117.40.119.252 port 33791 [preauth]
May 12 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: Invalid user dev from 209.38.21.233
May 12 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: input_userauth_request: invalid user dev [preauth]
May 12 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: Failed password for invalid user dev from 209.38.21.233 port 51112 ssh2
May 12 12:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: Connection closed by 209.38.21.233 port 51112 [preauth]
May 12 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: Failed password for root from 206.172.46.162 port 48216 ssh2
May 12 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: Received disconnect from 206.172.46.162 port 48216:11: Bye Bye [preauth]
May 12 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: Disconnected from 206.172.46.162 port 48216 [preauth]
May 12 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Failed password for root from 209.38.21.233 port 51126 ssh2
May 12 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Connection closed by 209.38.21.233 port 51126 [preauth]
May 12 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: Failed password for root from 117.40.119.252 port 38042 ssh2
May 12 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: Connection closed by 117.40.119.252 port 38042 [preauth]
May 12 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10300]: User ftp from 209.38.21.233 not allowed because not listed in AllowUsers
May 12 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10300]: input_userauth_request: invalid user ftp [preauth]
May 12 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=ftp
May 12 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10300]: Failed password for invalid user ftp from 209.38.21.233 port 57384 ssh2
May 12 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Failed password for root from 117.40.119.252 port 40208 ssh2
May 12 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10300]: Connection closed by 209.38.21.233 port 57384 [preauth]
May 12 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Connection closed by 117.40.119.252 port 40208 [preauth]
May 12 12:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for root from 209.38.21.233 port 57392 ssh2
May 12 12:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Connection closed by 209.38.21.233 port 57392 [preauth]
May 12 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Failed password for root from 117.40.119.252 port 41665 ssh2
May 12 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Connection closed by 117.40.119.252 port 41665 [preauth]
May 12 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8736]: pam_unix(cron:session): session closed for user root
May 12 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Failed password for root from 209.38.21.233 port 57408 ssh2
May 12 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Connection closed by 209.38.21.233 port 57408 [preauth]
May 12 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10352]: Failed password for root from 117.40.119.252 port 44772 ssh2
May 12 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10352]: Connection closed by 117.40.119.252 port 44772 [preauth]
May 12 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Invalid user niaoyun from 209.38.21.233
May 12 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: input_userauth_request: invalid user niaoyun [preauth]
May 12 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Failed password for invalid user niaoyun from 209.38.21.233 port 55254 ssh2
May 12 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Connection closed by 209.38.21.233 port 55254 [preauth]
May 12 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Invalid user admin from 209.38.21.233
May 12 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: input_userauth_request: invalid user admin [preauth]
May 12 12:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Failed password for invalid user admin from 209.38.21.233 port 55268 ssh2
May 12 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Connection closed by 209.38.21.233 port 55268 [preauth]
May 12 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Failed password for root from 117.40.119.252 port 48968 ssh2
May 12 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Connection closed by 117.40.119.252 port 48968 [preauth]
May 12 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: Invalid user hadoop from 209.38.21.233
May 12 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: input_userauth_request: invalid user hadoop [preauth]
May 12 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: Failed password for invalid user hadoop from 209.38.21.233 port 42408 ssh2
May 12 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10410]: Connection closed by 209.38.21.233 port 42408 [preauth]
May 12 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Failed password for root from 117.40.119.252 port 52015 ssh2
May 12 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Connection closed by 117.40.119.252 port 52015 [preauth]
May 12 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: Invalid user gitlab from 209.38.21.233
May 12 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: input_userauth_request: invalid user gitlab [preauth]
May 12 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: Failed password for invalid user gitlab from 209.38.21.233 port 42416 ssh2
May 12 12:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10424]: Connection closed by 209.38.21.233 port 42416 [preauth]
May 12 12:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: Invalid user postgres from 209.38.21.233
May 12 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: input_userauth_request: invalid user postgres [preauth]
May 12 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Failed password for root from 117.40.119.252 port 54098 ssh2
May 12 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Connection closed by 117.40.119.252 port 54098 [preauth]
May 12 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: Failed password for invalid user postgres from 209.38.21.233 port 45216 ssh2
May 12 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10445]: Connection closed by 209.38.21.233 port 45216 [preauth]
May 12 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Failed password for root from 117.40.119.252 port 56984 ssh2
May 12 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Connection closed by 117.40.119.252 port 56984 [preauth]
May 12 12:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: Invalid user mehdi from 209.38.21.233
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: input_userauth_request: invalid user mehdi [preauth]
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user p13x
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10535]: Successful su for rubyman by root
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10535]: + ??? root:rubyman
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378956 of user rubyman.
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10535]: pam_unix(su:session): session closed for user rubyman
May 12 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378956.
May 12 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: Failed password for invalid user mehdi from 209.38.21.233 port 45246 ssh2
May 12 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: Connection closed by 209.38.21.233 port 45246 [preauth]
May 12 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7072]: pam_unix(cron:session): session closed for user root
May 12 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: User ftp from 209.38.21.233 not allowed because not listed in AllowUsers
May 12 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: input_userauth_request: invalid user ftp [preauth]
May 12 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=ftp
May 12 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user samftp
May 12 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Failed password for invalid user ftp from 209.38.21.233 port 50698 ssh2
May 12 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Connection closed by 209.38.21.233 port 50698 [preauth]
May 12 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: Failed password for root from 117.40.119.252 port 60845 ssh2
May 12 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: Connection closed by 117.40.119.252 port 60845 [preauth]
May 12 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for root from 209.38.21.233 port 50706 ssh2
May 12 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Connection closed by 209.38.21.233 port 50706 [preauth]
May 12 12:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Invalid user nginx from 209.38.21.233
May 12 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: input_userauth_request: invalid user nginx [preauth]
May 12 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Failed password for invalid user nginx from 209.38.21.233 port 59176 ssh2
May 12 12:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Connection closed by 209.38.21.233 port 59176 [preauth]
May 12 12:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 117.40.119.252 port 37096 ssh2
May 12 12:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 117.40.119.252 port 37096 [preauth]
May 12 12:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Invalid user demo from 209.38.21.233
May 12 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: input_userauth_request: invalid user demo [preauth]
May 12 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user demo from 209.38.21.233 port 59190 ssh2
May 12 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Connection closed by 209.38.21.233 port 59190 [preauth]
May 12 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Failed password for root from 117.40.119.252 port 38427 ssh2
May 12 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Connection closed by 117.40.119.252 port 38427 [preauth]
May 12 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Invalid user flink from 209.38.21.233
May 12 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: input_userauth_request: invalid user flink [preauth]
May 12 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for root from 117.40.119.252 port 40522 ssh2
May 12 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Connection closed by 117.40.119.252 port 40522 [preauth]
May 12 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for invalid user flink from 209.38.21.233 port 59202 ssh2
May 12 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Connection closed by 209.38.21.233 port 59202 [preauth]
May 12 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Invalid user minecraft from 209.38.21.233
May 12 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: input_userauth_request: invalid user minecraft [preauth]
May 12 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Failed password for invalid user minecraft from 209.38.21.233 port 59516 ssh2
May 12 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Connection closed by 209.38.21.233 port 59516 [preauth]
May 12 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Failed password for root from 117.40.119.252 port 44294 ssh2
May 12 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Connection closed by 117.40.119.252 port 44294 [preauth]
May 12 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9328]: pam_unix(cron:session): session closed for user root
May 12 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for root from 209.38.21.233 port 59524 ssh2
May 12 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Failed password for root from 117.40.119.252 port 45960 ssh2
May 12 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Connection closed by 209.38.21.233 port 59524 [preauth]
May 12 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Connection closed by 117.40.119.252 port 45960 [preauth]
May 12 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for root from 117.40.119.252 port 47230 ssh2
May 12 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: Failed password for root from 209.38.21.233 port 43354 ssh2
May 12 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 117.40.119.252 port 47230 [preauth]
May 12 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: Connection closed by 209.38.21.233 port 43354 [preauth]
May 12 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Invalid user dolphinscheduler from 209.38.21.233
May 12 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Failed password for invalid user dolphinscheduler from 209.38.21.233 port 43360 ssh2
May 12 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Connection closed by 209.38.21.233 port 43360 [preauth]
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Failed password for root from 117.40.119.252 port 49193 ssh2
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Connection closed by 117.40.119.252 port 49193 [preauth]
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Invalid user plexserver from 209.38.21.233
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: input_userauth_request: invalid user plexserver [preauth]
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Failed password for invalid user plexserver from 209.38.21.233 port 54770 ssh2
May 12 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Connection closed by 209.38.21.233 port 54770 [preauth]
May 12 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Failed password for root from 117.40.119.252 port 52278 ssh2
May 12 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Connection closed by 117.40.119.252 port 52278 [preauth]
May 12 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Invalid user esearch from 209.38.21.233
May 12 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: input_userauth_request: invalid user esearch [preauth]
May 12 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for invalid user esearch from 209.38.21.233 port 54782 ssh2
May 12 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Connection closed by 209.38.21.233 port 54782 [preauth]
May 12 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Failed password for root from 117.40.119.252 port 54515 ssh2
May 12 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Connection closed by 117.40.119.252 port 54515 [preauth]
May 12 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Invalid user elasticsearch from 209.38.21.233
May 12 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Failed password for root from 117.40.119.252 port 56221 ssh2
May 12 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Connection closed by 117.40.119.252 port 56221 [preauth]
May 12 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Failed password for invalid user elasticsearch from 209.38.21.233 port 60470 ssh2
May 12 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Connection closed by 209.38.21.233 port 60470 [preauth]
May 12 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10966]: Failed password for root from 117.40.119.252 port 57865 ssh2
May 12 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10966]: Connection closed by 117.40.119.252 port 57865 [preauth]
May 12 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Invalid user jenkins from 209.38.21.233
May 12 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: input_userauth_request: invalid user jenkins [preauth]
May 12 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Failed password for invalid user jenkins from 209.38.21.233 port 60474 ssh2
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10984]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10983]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10981]: pam_unix(cron:session): session closed for user p13x
May 12 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Connection closed by 209.38.21.233 port 60474 [preauth]
May 12 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11043]: Successful su for rubyman by root
May 12 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11043]: + ??? root:rubyman
May 12 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378960 of user rubyman.
May 12 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11043]: pam_unix(su:session): session closed for user rubyman
May 12 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378960.
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for root from 117.40.119.252 port 59359 ssh2
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Connection closed by 117.40.119.252 port 59359 [preauth]
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: Invalid user sonar from 209.38.21.233
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: input_userauth_request: invalid user sonar [preauth]
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7743]: pam_unix(cron:session): session closed for user root
May 12 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: Failed password for invalid user sonar from 209.38.21.233 port 60490 ssh2
May 12 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: Connection closed by 209.38.21.233 port 60490 [preauth]
May 12 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10982]: pam_unix(cron:session): session closed for user samftp
May 12 12:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Invalid user system from 209.38.21.233
May 12 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: input_userauth_request: invalid user system [preauth]
May 12 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for root from 117.40.119.252 port 33093 ssh2
May 12 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Connection closed by 117.40.119.252 port 33093 [preauth]
May 12 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Failed password for invalid user system from 209.38.21.233 port 33150 ssh2
May 12 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Connection closed by 209.38.21.233 port 33150 [preauth]
May 12 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: Failed password for root from 117.40.119.252 port 36072 ssh2
May 12 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: Connection closed by 117.40.119.252 port 36072 [preauth]
May 12 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Invalid user gitlab-runner from 209.38.21.233
May 12 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Failed password for invalid user gitlab-runner from 209.38.21.233 port 33156 ssh2
May 12 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Connection closed by 209.38.21.233 port 33156 [preauth]
May 12 12:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Failed password for root from 117.40.119.252 port 37790 ssh2
May 12 12:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Connection closed by 117.40.119.252 port 37790 [preauth]
May 12 12:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Invalid user factorio from 209.38.21.233
May 12 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: input_userauth_request: invalid user factorio [preauth]
May 12 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for invalid user factorio from 209.38.21.233 port 47998 ssh2
May 12 12:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 209.38.21.233 port 47998 [preauth]
May 12 12:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Invalid user vagrant from 209.38.21.233
May 12 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: input_userauth_request: invalid user vagrant [preauth]
May 12 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Failed password for root from 117.40.119.252 port 39530 ssh2
May 12 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Connection closed by 117.40.119.252 port 39530 [preauth]
May 12 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for invalid user vagrant from 209.38.21.233 port 48006 ssh2
May 12 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 209.38.21.233 port 48006 [preauth]
May 12 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Failed password for root from 117.40.119.252 port 42620 ssh2
May 12 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Connection closed by 117.40.119.252 port 42620 [preauth]
May 12 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Invalid user oracle from 209.38.21.233
May 12 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: input_userauth_request: invalid user oracle [preauth]
May 12 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for invalid user oracle from 209.38.21.233 port 33590 ssh2
May 12 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Connection closed by 209.38.21.233 port 33590 [preauth]
May 12 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: Failed password for root from 117.40.119.252 port 44116 ssh2
May 12 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: Connection closed by 117.40.119.252 port 44116 [preauth]
May 12 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Invalid user samba from 209.38.21.233
May 12 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: input_userauth_request: invalid user samba [preauth]
May 12 12:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11315]: Failed password for root from 117.40.119.252 port 45747 ssh2
May 12 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11315]: Connection closed by 117.40.119.252 port 45747 [preauth]
May 12 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Failed password for invalid user samba from 209.38.21.233 port 33606 ssh2
May 12 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Connection closed by 209.38.21.233 port 33606 [preauth]
May 12 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9874]: pam_unix(cron:session): session closed for user root
May 12 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Invalid user deploy from 209.38.21.233
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: input_userauth_request: invalid user deploy [preauth]
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Failed password for root from 117.40.119.252 port 47392 ssh2
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Connection closed by 117.40.119.252 port 47392 [preauth]
May 12 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Failed password for invalid user deploy from 209.38.21.233 port 48356 ssh2
May 12 12:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Connection closed by 209.38.21.233 port 48356 [preauth]
May 12 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Failed password for root from 117.40.119.252 port 48937 ssh2
May 12 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Connection closed by 117.40.119.252 port 48937 [preauth]
May 12 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Failed password for root from 209.38.21.233 port 48358 ssh2
May 12 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for root from 117.40.119.252 port 50503 ssh2
May 12 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Connection closed by 209.38.21.233 port 48358 [preauth]
May 12 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Connection closed by 117.40.119.252 port 50503 [preauth]
May 12 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Invalid user fastuser from 209.38.21.233
May 12 12:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: input_userauth_request: invalid user fastuser [preauth]
May 12 12:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Failed password for root from 117.40.119.252 port 52125 ssh2
May 12 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Connection closed by 117.40.119.252 port 52125 [preauth]
May 12 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Failed password for invalid user fastuser from 209.38.21.233 port 47280 ssh2
May 12 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Connection closed by 209.38.21.233 port 47280 [preauth]
May 12 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Failed password for root from 117.40.119.252 port 53767 ssh2
May 12 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Invalid user appuser from 209.38.21.233
May 12 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: input_userauth_request: invalid user appuser [preauth]
May 12 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Connection closed by 117.40.119.252 port 53767 [preauth]
May 12 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for invalid user appuser from 209.38.21.233 port 47296 ssh2
May 12 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Connection closed by 209.38.21.233 port 47296 [preauth]
May 12 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11403]: Failed password for root from 117.40.119.252 port 55224 ssh2
May 12 12:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11403]: Connection closed by 117.40.119.252 port 55224 [preauth]
May 12 12:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Invalid user media from 209.38.21.233
May 12 12:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: input_userauth_request: invalid user media [preauth]
May 12 12:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Failed password for root from 117.40.119.252 port 56736 ssh2
May 12 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Connection closed by 117.40.119.252 port 56736 [preauth]
May 12 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Failed password for invalid user media from 209.38.21.233 port 47314 ssh2
May 12 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Connection closed by 209.38.21.233 port 47314 [preauth]
May 12 12:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Failed password for root from 117.40.119.252 port 58543 ssh2
May 12 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Connection closed by 117.40.119.252 port 58543 [preauth]
May 12 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for root from 209.38.21.233 port 45302 ssh2
May 12 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Connection closed by 209.38.21.233 port 45302 [preauth]
May 12 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session closed for user p13x
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: Successful su for rubyman by root
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: + ??? root:rubyman
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378965 of user rubyman.
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: pam_unix(su:session): session closed for user rubyman
May 12 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378965.
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Invalid user test from 209.38.21.233
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: input_userauth_request: invalid user test [preauth]
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11430]: Failed password for root from 117.40.119.252 port 60405 ssh2
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11430]: Connection closed by 117.40.119.252 port 60405 [preauth]
May 12 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8248]: pam_unix(cron:session): session closed for user root
May 12 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Failed password for invalid user test from 209.38.21.233 port 45308 ssh2
May 12 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Connection closed by 209.38.21.233 port 45308 [preauth]
May 12 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Failed password for root from 117.40.119.252 port 33818 ssh2
May 12 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Connection closed by 117.40.119.252 port 33818 [preauth]
May 12 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session closed for user samftp
May 12 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Invalid user git from 209.38.21.233
May 12 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: input_userauth_request: invalid user git [preauth]
May 12 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Failed password for invalid user git from 209.38.21.233 port 41862 ssh2
May 12 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Connection closed by 209.38.21.233 port 41862 [preauth]
May 12 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: Failed password for root from 117.40.119.252 port 35386 ssh2
May 12 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: Connection closed by 117.40.119.252 port 35386 [preauth]
May 12 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: Invalid user guest from 209.38.21.233
May 12 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: input_userauth_request: invalid user guest [preauth]
May 12 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: Failed password for invalid user guest from 209.38.21.233 port 41876 ssh2
May 12 12:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11704]: Connection closed by 209.38.21.233 port 41876 [preauth]
May 12 12:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: Invalid user es from 209.38.21.233
May 12 12:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: input_userauth_request: invalid user es [preauth]
May 12 12:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11720]: Failed password for root from 117.40.119.252 port 37523 ssh2
May 12 12:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11720]: Connection closed by 117.40.119.252 port 37523 [preauth]
May 12 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: Failed password for invalid user es from 209.38.21.233 port 54934 ssh2
May 12 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: Connection closed by 209.38.21.233 port 54934 [preauth]
May 12 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Invalid user www from 209.38.21.233
May 12 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: input_userauth_request: invalid user www [preauth]
May 12 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Failed password for invalid user www from 209.38.21.233 port 54936 ssh2
May 12 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Connection closed by 209.38.21.233 port 54936 [preauth]
May 12 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Failed password for root from 117.40.119.252 port 40635 ssh2
May 12 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Connection closed by 117.40.119.252 port 40635 [preauth]
May 12 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Invalid user bigdata from 209.38.21.233
May 12 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: input_userauth_request: invalid user bigdata [preauth]
May 12 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Failed password for root from 117.40.119.252 port 43910 ssh2
May 12 12:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Connection closed by 117.40.119.252 port 43910 [preauth]
May 12 12:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for invalid user bigdata from 209.38.21.233 port 37174 ssh2
May 12 12:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Connection closed by 209.38.21.233 port 37174 [preauth]
May 12 12:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Invalid user flask from 209.38.21.233
May 12 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: input_userauth_request: invalid user flask [preauth]
May 12 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Failed password for root from 117.40.119.252 port 45410 ssh2
May 12 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Connection closed by 117.40.119.252 port 45410 [preauth]
May 12 12:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Failed password for invalid user flask from 209.38.21.233 port 37196 ssh2
May 12 12:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Connection closed by 209.38.21.233 port 37196 [preauth]
May 12 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user root
May 12 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: Failed password for root from 117.40.119.252 port 47372 ssh2
May 12 12:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11784]: Connection closed by 117.40.119.252 port 47372 [preauth]
May 12 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for root from 209.38.21.233 port 37224 ssh2
May 12 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Connection closed by 209.38.21.233 port 37224 [preauth]
May 12 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.220.130.160  user=root
May 12 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Invalid user server from 209.38.21.233
May 12 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: input_userauth_request: invalid user server [preauth]
May 12 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: Failed password for root from 165.220.130.160 port 44118 ssh2
May 12 12:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Failed password for invalid user server from 209.38.21.233 port 49138 ssh2
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Connection closed by 209.38.21.233 port 49138 [preauth]
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: Connection closed by 165.220.130.160 port 44118 [preauth]
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Failed password for root from 117.40.119.252 port 49350 ssh2
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Connection closed by 117.40.119.252 port 49350 [preauth]
May 12 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Invalid user ftpuser from 209.38.21.233
May 12 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: input_userauth_request: invalid user ftpuser [preauth]
May 12 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.124.151.27  user=root
May 12 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Failed password for invalid user ftpuser from 209.38.21.233 port 49146 ssh2
May 12 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: Failed password for root from 117.40.119.252 port 52581 ssh2
May 12 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: Connection closed by 117.40.119.252 port 52581 [preauth]
May 12 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Failed password for root from 49.124.151.27 port 54702 ssh2
May 12 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Connection closed by 209.38.21.233 port 49146 [preauth]
May 12 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Connection closed by 49.124.151.27 port 54702 [preauth]
May 12 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: Invalid user server from 209.38.21.233
May 12 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: input_userauth_request: invalid user server [preauth]
May 12 12:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: Failed password for invalid user server from 209.38.21.233 port 41616 ssh2
May 12 12:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: Connection closed by 209.38.21.233 port 41616 [preauth]
May 12 12:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Invalid user pi from 209.38.21.233
May 12 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: input_userauth_request: invalid user pi [preauth]
May 12 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Failed password for root from 117.40.119.252 port 54316 ssh2
May 12 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Connection closed by 117.40.119.252 port 54316 [preauth]
May 12 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Failed password for invalid user pi from 209.38.21.233 port 41622 ssh2
May 12 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Connection closed by 209.38.21.233 port 41622 [preauth]
May 12 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for root from 117.40.119.252 port 57491 ssh2
May 12 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Connection closed by 117.40.119.252 port 57491 [preauth]
May 12 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Failed password for root from 209.38.21.233 port 59576 ssh2
May 12 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Connection closed by 209.38.21.233 port 59576 [preauth]
May 12 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Failed password for root from 117.40.119.252 port 59270 ssh2
May 12 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Connection closed by 117.40.119.252 port 59270 [preauth]
May 12 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Invalid user guest from 209.38.21.233
May 12 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: input_userauth_request: invalid user guest [preauth]
May 12 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session closed for user p13x
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11963]: Successful su for rubyman by root
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11963]: + ??? root:rubyman
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378969 of user rubyman.
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11963]: pam_unix(su:session): session closed for user rubyman
May 12 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378969.
May 12 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Failed password for invalid user guest from 209.38.21.233 port 59584 ssh2
May 12 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Connection closed by 209.38.21.233 port 59584 [preauth]
May 12 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session closed for user root
May 12 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: Invalid user deploy from 209.38.21.233
May 12 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: input_userauth_request: invalid user deploy [preauth]
May 12 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: Failed password for root from 117.40.119.252 port 32824 ssh2
May 12 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: Connection closed by 117.40.119.252 port 32824 [preauth]
May 12 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user samftp
May 12 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: Failed password for invalid user deploy from 209.38.21.233 port 40946 ssh2
May 12 12:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: Connection closed by 209.38.21.233 port 40946 [preauth]
May 12 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Failed password for root from 117.40.119.252 port 35779 ssh2
May 12 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Connection closed by 117.40.119.252 port 35779 [preauth]
May 12 12:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Failed password for root from 209.38.21.233 port 40956 ssh2
May 12 12:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Connection closed by 209.38.21.233 port 40956 [preauth]
May 12 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: Failed password for root from 117.40.119.252 port 37365 ssh2
May 12 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: Connection closed by 117.40.119.252 port 37365 [preauth]
May 12 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Invalid user postgres from 209.38.21.233
May 12 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: input_userauth_request: invalid user postgres [preauth]
May 12 12:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user postgres from 209.38.21.233 port 40968 ssh2
May 12 12:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Failed password for root from 117.40.119.252 port 39480 ssh2
May 12 12:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Connection closed by 209.38.21.233 port 40968 [preauth]
May 12 12:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Connection closed by 117.40.119.252 port 39480 [preauth]
May 12 12:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: Failed password for root from 209.38.21.233 port 43122 ssh2
May 12 12:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: Connection closed by 209.38.21.233 port 43122 [preauth]
May 12 12:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Invalid user rancher from 209.38.21.233
May 12 12:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: input_userauth_request: invalid user rancher [preauth]
May 12 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Failed password for root from 117.40.119.252 port 41088 ssh2
May 12 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Connection closed by 117.40.119.252 port 41088 [preauth]
May 12 12:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Failed password for invalid user rancher from 209.38.21.233 port 43140 ssh2
May 12 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Connection closed by 209.38.21.233 port 43140 [preauth]
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Failed password for root from 117.40.119.252 port 44249 ssh2
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: Invalid user postgres from 209.38.21.233
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: input_userauth_request: invalid user postgres [preauth]
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Connection closed by 117.40.119.252 port 44249 [preauth]
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: Failed password for invalid user postgres from 209.38.21.233 port 38002 ssh2
May 12 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: Connection closed by 209.38.21.233 port 38002 [preauth]
May 12 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Failed password for root from 218.92.0.179 port 58097 ssh2
May 12 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12226]: Failed password for root from 117.40.119.252 port 46401 ssh2
May 12 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12226]: Connection closed by 117.40.119.252 port 46401 [preauth]
May 12 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Failed password for root from 218.92.0.179 port 58097 ssh2
May 12 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10984]: pam_unix(cron:session): session closed for user root
May 12 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Failed password for root from 209.38.21.233 port 38012 ssh2
May 12 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Connection closed by 209.38.21.233 port 38012 [preauth]
May 12 12:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Failed password for root from 218.92.0.179 port 58097 ssh2
May 12 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Received disconnect from 218.92.0.179 port 58097:11:  [preauth]
May 12 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Disconnected from 218.92.0.179 port 58097 [preauth]
May 12 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: Failed password for root from 117.40.119.252 port 48614 ssh2
May 12 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: Connection closed by 117.40.119.252 port 48614 [preauth]
May 12 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12264]: Failed password for root from 209.38.21.233 port 42302 ssh2
May 12 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12264]: Connection closed by 209.38.21.233 port 42302 [preauth]
May 12 12:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: Invalid user dev from 209.38.21.233
May 12 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: input_userauth_request: invalid user dev [preauth]
May 12 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Failed password for root from 117.40.119.252 port 51569 ssh2
May 12 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Connection closed by 117.40.119.252 port 51569 [preauth]
May 12 12:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: Failed password for invalid user dev from 209.38.21.233 port 42318 ssh2
May 12 12:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12277]: Connection closed by 209.38.21.233 port 42318 [preauth]
May 12 12:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Invalid user minecraft from 209.38.21.233
May 12 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: input_userauth_request: invalid user minecraft [preauth]
May 12 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Failed password for root from 117.40.119.252 port 53118 ssh2
May 12 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Connection closed by 117.40.119.252 port 53118 [preauth]
May 12 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Failed password for invalid user minecraft from 209.38.21.233 port 45794 ssh2
May 12 12:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Connection closed by 209.38.21.233 port 45794 [preauth]
May 12 12:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Failed password for root from 117.40.119.252 port 55232 ssh2
May 12 12:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Connection closed by 117.40.119.252 port 55232 [preauth]
May 12 12:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Failed password for root from 209.38.21.233 port 45816 ssh2
May 12 12:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Connection closed by 209.38.21.233 port 45816 [preauth]
May 12 12:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Failed password for root from 117.40.119.252 port 56638 ssh2
May 12 12:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Connection closed by 117.40.119.252 port 56638 [preauth]
May 12 12:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233  user=root
May 12 12:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: Failed password for root from 209.38.21.233 port 40124 ssh2
May 12 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for root from 117.40.119.252 port 58817 ssh2
May 12 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: Connection closed by 209.38.21.233 port 40124 [preauth]
May 12 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Connection closed by 117.40.119.252 port 58817 [preauth]
May 12 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Invalid user hive from 209.38.21.233
May 12 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: input_userauth_request: invalid user hive [preauth]
May 12 12:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Failed password for root from 117.40.119.252 port 60473 ssh2
May 12 12:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Connection closed by 117.40.119.252 port 60473 [preauth]
May 12 12:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12371]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session closed for user root
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user p13x
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Failed password for invalid user hive from 209.38.21.233 port 40130 ssh2
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Connection closed by 209.38.21.233 port 40130 [preauth]
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: Successful su for rubyman by root
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: + ??? root:rubyman
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378976 of user rubyman.
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: pam_unix(su:session): session closed for user rubyman
May 12 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378976.
May 12 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Invalid user bot from 209.38.21.233
May 12 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: input_userauth_request: invalid user bot [preauth]
May 12 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for root from 117.40.119.252 port 33660 ssh2
May 12 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Connection closed by 117.40.119.252 port 33660 [preauth]
May 12 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user root
May 12 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9327]: pam_unix(cron:session): session closed for user root
May 12 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Failed password for invalid user bot from 209.38.21.233 port 40142 ssh2
May 12 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Connection closed by 209.38.21.233 port 40142 [preauth]
May 12 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session closed for user samftp
May 12 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: Invalid user user from 209.38.21.233
May 12 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: input_userauth_request: invalid user user [preauth]
May 12 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.21.233
May 12 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: Failed password for invalid user user from 209.38.21.233 port 44560 ssh2
May 12 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Failed password for root from 117.40.119.252 port 35726 ssh2
May 12 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: Connection closed by 209.38.21.233 port 44560 [preauth]
May 12 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Connection closed by 117.40.119.252 port 35726 [preauth]
May 12 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12649]: Failed password for root from 117.40.119.252 port 38670 ssh2
May 12 12:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12649]: Connection closed by 117.40.119.252 port 38670 [preauth]
May 12 12:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: Invalid user paul from 206.172.46.162
May 12 12:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: input_userauth_request: invalid user paul [preauth]
May 12 12:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: Failed password for invalid user paul from 206.172.46.162 port 44005 ssh2
May 12 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: Received disconnect from 206.172.46.162 port 44005:11: Bye Bye [preauth]
May 12 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12673]: Disconnected from 206.172.46.162 port 44005 [preauth]
May 12 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: Failed password for root from 117.40.119.252 port 40368 ssh2
May 12 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: Connection closed by 117.40.119.252 port 40368 [preauth]
May 12 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12676]: Failed password for root from 117.40.119.252 port 42217 ssh2
May 12 12:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12676]: Connection closed by 117.40.119.252 port 42217 [preauth]
May 12 12:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for root from 117.40.119.252 port 43886 ssh2
May 12 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 117.40.119.252 port 43886 [preauth]
May 12 12:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Failed password for root from 117.40.119.252 port 45505 ssh2
May 12 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Connection closed by 117.40.119.252 port 45505 [preauth]
May 12 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for root from 117.40.119.252 port 48078 ssh2
May 12 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Connection closed by 117.40.119.252 port 48078 [preauth]
May 12 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session closed for user root
May 12 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May 12 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Failed password for root from 117.40.119.252 port 49601 ssh2
May 12 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Connection closed by 117.40.119.252 port 49601 [preauth]
May 12 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Failed password for root from 218.92.0.208 port 31970 ssh2
May 12 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for root from 117.40.119.252 port 51252 ssh2
May 12 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Connection closed by 117.40.119.252 port 51252 [preauth]
May 12 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Failed password for root from 117.40.119.252 port 53446 ssh2
May 12 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Connection closed by 117.40.119.252 port 53446 [preauth]
May 12 12:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: Failed password for root from 117.40.119.252 port 55309 ssh2
May 12 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: Connection closed by 117.40.119.252 port 55309 [preauth]
May 12 12:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May 12 12:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Invalid user gamemaster from 156.251.24.166
May 12 12:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: input_userauth_request: invalid user gamemaster [preauth]
May 12 12:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 12:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Failed password for root from 218.92.0.208 port 60046 ssh2
May 12 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for invalid user gamemaster from 156.251.24.166 port 58478 ssh2
May 12 12:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Received disconnect from 156.251.24.166 port 58478:11: Bye Bye [preauth]
May 12 12:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Disconnected from 156.251.24.166 port 58478 [preauth]
May 12 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Failed password for root from 117.40.119.252 port 59835 ssh2
May 12 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Connection closed by 117.40.119.252 port 59835 [preauth]
May 12 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Failed password for root from 80.94.95.125 port 15024 ssh2
May 12 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Received disconnect from 80.94.95.125 port 15024:11: Bye [preauth]
May 12 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Disconnected from 80.94.95.125 port 15024 [preauth]
May 12 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session closed for user p13x
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12889]: Successful su for rubyman by root
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12889]: + ??? root:rubyman
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378978 of user rubyman.
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12889]: pam_unix(su:session): session closed for user rubyman
May 12 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378978.
May 12 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Failed password for root from 117.40.119.252 port 34796 ssh2
May 12 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Connection closed by 117.40.119.252 port 34796 [preauth]
May 12 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session closed for user root
May 12 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Failed password for root from 117.40.119.252 port 36870 ssh2
May 12 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session closed for user samftp
May 12 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Connection closed by 117.40.119.252 port 36870 [preauth]
May 12 12:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: Failed password for root from 117.40.119.252 port 38446 ssh2
May 12 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: Connection closed by 117.40.119.252 port 38446 [preauth]
May 12 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Failed password for root from 117.40.119.252 port 41519 ssh2
May 12 12:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Connection closed by 117.40.119.252 port 41519 [preauth]
May 12 12:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Failed password for root from 117.40.119.252 port 43585 ssh2
May 12 12:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Connection closed by 117.40.119.252 port 43585 [preauth]
May 12 12:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for root from 117.40.119.252 port 45080 ssh2
May 12 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Connection closed by 117.40.119.252 port 45080 [preauth]
May 12 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Failed password for root from 117.40.119.252 port 46623 ssh2
May 12 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Connection closed by 117.40.119.252 port 46623 [preauth]
May 12 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for root from 117.40.119.252 port 48140 ssh2
May 12 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Connection closed by 117.40.119.252 port 48140 [preauth]
May 12 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Failed password for root from 117.40.119.252 port 49619 ssh2
May 12 12:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Connection closed by 117.40.119.252 port 49619 [preauth]
May 12 12:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session closed for user root
May 12 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: Failed password for root from 117.40.119.252 port 51243 ssh2
May 12 12:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: Connection closed by 117.40.119.252 port 51243 [preauth]
May 12 12:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: Failed password for root from 117.40.119.252 port 53138 ssh2
May 12 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: Connection closed by 117.40.119.252 port 53138 [preauth]
May 12 12:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Failed password for root from 117.40.119.252 port 54489 ssh2
May 12 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Connection closed by 117.40.119.252 port 54489 [preauth]
May 12 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Failed password for root from 117.40.119.252 port 56397 ssh2
May 12 12:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Connection closed by 117.40.119.252 port 56397 [preauth]
May 12 12:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Failed password for root from 117.40.119.252 port 57985 ssh2
May 12 12:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Connection closed by 117.40.119.252 port 57985 [preauth]
May 12 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: Failed password for root from 117.40.119.252 port 60039 ssh2
May 12 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: Connection closed by 117.40.119.252 port 60039 [preauth]
May 12 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Failed password for root from 117.40.119.252 port 33786 ssh2
May 12 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Connection closed by 117.40.119.252 port 33786 [preauth]
May 12 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Failed password for root from 117.40.119.252 port 35613 ssh2
May 12 12:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Connection closed by 117.40.119.252 port 35613 [preauth]
May 12 12:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13263]: pam_unix(cron:session): session closed for user p13x
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for root from 117.40.119.252 port 37054 ssh2
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Connection closed by 117.40.119.252 port 37054 [preauth]
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: Successful su for rubyman by root
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: + ??? root:rubyman
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378985 of user rubyman.
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: pam_unix(su:session): session closed for user rubyman
May 12 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378985.
May 12 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session closed for user root
May 12 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session closed for user samftp
May 12 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Failed password for root from 117.40.119.252 port 40849 ssh2
May 12 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Connection closed by 117.40.119.252 port 40849 [preauth]
May 12 12:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 117.40.119.252 port 44723 ssh2
May 12 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Connection closed by 117.40.119.252 port 44723 [preauth]
May 12 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: Failed password for root from 117.40.119.252 port 46330 ssh2
May 12 12:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: Connection closed by 117.40.119.252 port 46330 [preauth]
May 12 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Failed password for root from 117.40.119.252 port 47671 ssh2
May 12 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Connection closed by 117.40.119.252 port 47671 [preauth]
May 12 12:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13679]: Failed password for root from 117.40.119.252 port 49715 ssh2
May 12 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13679]: Connection closed by 117.40.119.252 port 49715 [preauth]
May 12 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12371]: pam_unix(cron:session): session closed for user root
May 12 12:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13723]: Failed password for root from 117.40.119.252 port 55289 ssh2
May 12 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13723]: Connection closed by 117.40.119.252 port 55289 [preauth]
May 12 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Failed password for root from 117.40.119.252 port 56731 ssh2
May 12 12:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Connection closed by 117.40.119.252 port 56731 [preauth]
May 12 12:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: Failed password for root from 117.40.119.252 port 58247 ssh2
May 12 12:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: Connection closed by 117.40.119.252 port 58247 [preauth]
May 12 12:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: Failed password for root from 117.40.119.252 port 59998 ssh2
May 12 12:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: Connection closed by 117.40.119.252 port 59998 [preauth]
May 12 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: Failed password for root from 117.40.119.252 port 33448 ssh2
May 12 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: Connection closed by 117.40.119.252 port 33448 [preauth]
May 12 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13776]: Failed password for root from 117.40.119.252 port 34868 ssh2
May 12 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13776]: Connection closed by 117.40.119.252 port 34868 [preauth]
May 12 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Failed password for root from 117.40.119.252 port 36479 ssh2
May 12 12:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Connection closed by 117.40.119.252 port 36479 [preauth]
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user p13x
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: Successful su for rubyman by root
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: + ??? root:rubyman
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378987 of user rubyman.
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: pam_unix(su:session): session closed for user rubyman
May 12 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378987.
May 12 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10983]: pam_unix(cron:session): session closed for user root
May 12 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Invalid user fsuser from 50.235.31.47
May 12 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: input_userauth_request: invalid user fsuser [preauth]
May 12 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session closed for user samftp
May 12 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Failed password for invalid user fsuser from 50.235.31.47 port 39126 ssh2
May 12 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for root from 117.40.119.252 port 40353 ssh2
May 12 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Connection closed by 50.235.31.47 port 39126 [preauth]
May 12 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Connection closed by 117.40.119.252 port 40353 [preauth]
May 12 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14052]: Failed password for root from 117.40.119.252 port 41918 ssh2
May 12 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14052]: Connection closed by 117.40.119.252 port 41918 [preauth]
May 12 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Failed password for root from 117.40.119.252 port 43587 ssh2
May 12 12:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Connection closed by 117.40.119.252 port 43587 [preauth]
May 12 12:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for root from 117.40.119.252 port 45398 ssh2
May 12 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Connection closed by 117.40.119.252 port 45398 [preauth]
May 12 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14091]: Failed password for root from 117.40.119.252 port 47046 ssh2
May 12 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14091]: Connection closed by 117.40.119.252 port 47046 [preauth]
May 12 12:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: Failed password for root from 117.40.119.252 port 50873 ssh2
May 12 12:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: Connection closed by 117.40.119.252 port 50873 [preauth]
May 12 12:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Failed password for root from 117.40.119.252 port 52507 ssh2
May 12 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Connection closed by 117.40.119.252 port 52507 [preauth]
May 12 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session closed for user root
May 12 12:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for root from 117.40.119.252 port 54170 ssh2
May 12 12:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Connection closed by 117.40.119.252 port 54170 [preauth]
May 12 12:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Failed password for root from 117.40.119.252 port 55773 ssh2
May 12 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Connection closed by 117.40.119.252 port 55773 [preauth]
May 12 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Failed password for root from 117.40.119.252 port 57073 ssh2
May 12 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Connection closed by 117.40.119.252 port 57073 [preauth]
May 12 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Failed password for root from 117.40.119.252 port 58693 ssh2
May 12 12:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Connection closed by 117.40.119.252 port 58693 [preauth]
May 12 12:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for root from 117.40.119.252 port 60127 ssh2
May 12 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 117.40.119.252 port 60127 [preauth]
May 12 12:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: Failed password for root from 117.40.119.252 port 33441 ssh2
May 12 12:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: Connection closed by 117.40.119.252 port 33441 [preauth]
May 12 12:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 117.40.119.252 port 35503 ssh2
May 12 12:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Connection closed by 117.40.119.252 port 35503 [preauth]
May 12 12:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Failed password for root from 117.40.119.252 port 37143 ssh2
May 12 12:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Connection closed by 117.40.119.252 port 37143 [preauth]
May 12 12:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session closed for user p13x
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14299]: Successful su for rubyman by root
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14299]: + ??? root:rubyman
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378991 of user rubyman.
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14299]: pam_unix(su:session): session closed for user rubyman
May 12 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378991.
May 12 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Failed password for root from 117.40.119.252 port 38769 ssh2
May 12 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Connection closed by 117.40.119.252 port 38769 [preauth]
May 12 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session closed for user root
May 12 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session closed for user samftp
May 12 12:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for root from 117.40.119.252 port 42944 ssh2
May 12 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Connection closed by 117.40.119.252 port 42944 [preauth]
May 12 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: Failed password for root from 117.40.119.252 port 47101 ssh2
May 12 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: Connection closed by 117.40.119.252 port 47101 [preauth]
May 12 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Failed password for root from 117.40.119.252 port 48702 ssh2
May 12 12:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Connection closed by 117.40.119.252 port 48702 [preauth]
May 12 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Failed password for root from 117.40.119.252 port 50525 ssh2
May 12 12:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Connection closed by 117.40.119.252 port 50525 [preauth]
May 12 12:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: Failed password for root from 117.40.119.252 port 52362 ssh2
May 12 12:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: Connection closed by 117.40.119.252 port 52362 [preauth]
May 12 12:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13268]: pam_unix(cron:session): session closed for user root
May 12 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Failed password for root from 117.40.119.252 port 56233 ssh2
May 12 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Connection closed by 117.40.119.252 port 56233 [preauth]
May 12 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for root from 117.40.119.252 port 58232 ssh2
May 12 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Connection closed by 117.40.119.252 port 58232 [preauth]
May 12 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: Failed password for root from 117.40.119.252 port 59871 ssh2
May 12 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: Connection closed by 117.40.119.252 port 59871 [preauth]
May 12 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Failed password for root from 117.40.119.252 port 33357 ssh2
May 12 12:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Connection closed by 117.40.119.252 port 33357 [preauth]
May 12 12:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Failed password for root from 117.40.119.252 port 34935 ssh2
May 12 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Connection closed by 117.40.119.252 port 34935 [preauth]
May 12 12:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14678]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14679]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14677]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14679]: pam_unix(cron:session): session closed for user root
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14674]: pam_unix(cron:session): session closed for user p13x
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: Successful su for rubyman by root
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: + ??? root:rubyman
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 378994 of user rubyman.
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: pam_unix(su:session): session closed for user rubyman
May 12 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 378994.
May 12 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Failed password for root from 117.40.119.252 port 39124 ssh2
May 12 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Connection closed by 117.40.119.252 port 39124 [preauth]
May 12 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user root
May 12 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14676]: pam_unix(cron:session): session closed for user root
May 12 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Failed password for root from 117.40.119.252 port 40927 ssh2
May 12 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Connection closed by 117.40.119.252 port 40927 [preauth]
May 12 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14675]: pam_unix(cron:session): session closed for user samftp
May 12 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for root from 117.40.119.252 port 42579 ssh2
May 12 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Connection closed by 117.40.119.252 port 42579 [preauth]
May 12 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: Failed password for root from 117.40.119.252 port 44180 ssh2
May 12 12:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: Connection closed by 117.40.119.252 port 44180 [preauth]
May 12 12:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Failed password for root from 206.172.46.162 port 40261 ssh2
May 12 12:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Received disconnect from 206.172.46.162 port 40261:11: Bye Bye [preauth]
May 12 12:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Disconnected from 206.172.46.162 port 40261 [preauth]
May 12 12:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Failed password for root from 117.40.119.252 port 46385 ssh2
May 12 12:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Connection closed by 117.40.119.252 port 46385 [preauth]
May 12 12:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for root from 117.40.119.252 port 49658 ssh2
May 12 12:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Connection closed by 117.40.119.252 port 49658 [preauth]
May 12 12:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Failed password for root from 117.40.119.252 port 51195 ssh2
May 12 12:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Connection closed by 117.40.119.252 port 51195 [preauth]
May 12 12:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15042]: Failed password for root from 117.40.119.252 port 53358 ssh2
May 12 12:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15042]: Connection closed by 117.40.119.252 port 53358 [preauth]
May 12 12:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13803]: pam_unix(cron:session): session closed for user root
May 12 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Failed password for root from 117.40.119.252 port 55034 ssh2
May 12 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Connection closed by 117.40.119.252 port 55034 [preauth]
May 12 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Failed password for root from 117.40.119.252 port 56625 ssh2
May 12 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Connection closed by 117.40.119.252 port 56625 [preauth]
May 12 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Failed password for root from 117.40.119.252 port 57856 ssh2
May 12 12:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Connection closed by 117.40.119.252 port 57856 [preauth]
May 12 12:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: Failed password for root from 117.40.119.252 port 59506 ssh2
May 12 12:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: Connection closed by 117.40.119.252 port 59506 [preauth]
May 12 12:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Failed password for root from 117.40.119.252 port 35522 ssh2
May 12 12:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Connection closed by 117.40.119.252 port 35522 [preauth]
May 12 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15141]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15139]: pam_unix(cron:session): session closed for user p13x
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: Successful su for rubyman by root
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: + ??? root:rubyman
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379001 of user rubyman.
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: pam_unix(su:session): session closed for user rubyman
May 12 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379001.
May 12 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: Failed password for root from 117.40.119.252 port 38693 ssh2
May 12 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: Connection closed by 117.40.119.252 port 38693 [preauth]
May 12 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user root
May 12 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: Failed password for root from 117.40.119.252 port 42042 ssh2
May 12 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: Connection closed by 117.40.119.252 port 42042 [preauth]
May 12 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session closed for user samftp
May 12 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Failed password for root from 117.40.119.252 port 43576 ssh2
May 12 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Connection closed by 117.40.119.252 port 43576 [preauth]
May 12 12:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Failed password for root from 117.40.119.252 port 44832 ssh2
May 12 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Connection closed by 117.40.119.252 port 44832 [preauth]
May 12 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: Failed password for root from 117.40.119.252 port 46862 ssh2
May 12 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: Connection closed by 117.40.119.252 port 46862 [preauth]
May 12 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for root from 117.40.119.252 port 48242 ssh2
May 12 12:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 117.40.119.252 port 48242 [preauth]
May 12 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 117.40.119.252 port 49993 ssh2
May 12 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Connection closed by 117.40.119.252 port 49993 [preauth]
May 12 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: Failed password for root from 117.40.119.252 port 51717 ssh2
May 12 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: Connection closed by 117.40.119.252 port 51717 [preauth]
May 12 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15462]: Failed password for root from 117.40.119.252 port 53063 ssh2
May 12 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15462]: Connection closed by 117.40.119.252 port 53063 [preauth]
May 12 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15464]: Failed password for root from 117.40.119.252 port 55211 ssh2
May 12 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15464]: Connection closed by 117.40.119.252 port 55211 [preauth]
May 12 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session closed for user root
May 12 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: Failed password for root from 117.40.119.252 port 56479 ssh2
May 12 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: Connection closed by 117.40.119.252 port 56479 [preauth]
May 12 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Failed password for root from 117.40.119.252 port 58025 ssh2
May 12 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Connection closed by 117.40.119.252 port 58025 [preauth]
May 12 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.40.119.252  user=root
May 12 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: Failed password for root from 117.40.119.252 port 32961 ssh2
May 12 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15568]: pam_unix(cron:session): session closed for user p13x
May 12 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15629]: Successful su for rubyman by root
May 12 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15629]: + ??? root:rubyman
May 12 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379005 of user rubyman.
May 12 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15629]: pam_unix(su:session): session closed for user rubyman
May 12 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379005.
May 12 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session closed for user root
May 12 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session closed for user samftp
May 12 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14678]: pam_unix(cron:session): session closed for user root
May 12 12:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15973]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15972]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session closed for user p13x
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: Successful su for rubyman by root
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: + ??? root:rubyman
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379008 of user rubyman.
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: pam_unix(su:session): session closed for user rubyman
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379008.
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Invalid user anil from 156.251.24.166
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: input_userauth_request: invalid user anil [preauth]
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Failed password for invalid user anil from 156.251.24.166 port 41212 ssh2
May 12 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Received disconnect from 156.251.24.166 port 41212:11: Bye Bye [preauth]
May 12 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Disconnected from 156.251.24.166 port 41212 [preauth]
May 12 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session closed for user root
May 12 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session closed for user samftp
May 12 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session closed for user root
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session closed for user p13x
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16401]: Successful su for rubyman by root
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16401]: + ??? root:rubyman
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379013 of user rubyman.
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16401]: pam_unix(su:session): session closed for user rubyman
May 12 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379013.
May 12 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session closed for user root
May 12 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session closed for user samftp
May 12 12:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Failed password for root from 218.92.0.228 port 45420 ssh2
May 12 12:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 45420 ssh2]
May 12 12:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Received disconnect from 218.92.0.228 port 45420:11:  [preauth]
May 12 12:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Disconnected from 218.92.0.228 port 45420 [preauth]
May 12 12:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 12:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Failed password for root from 218.92.0.228 port 37728 ssh2
May 12 12:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Failed password for root from 218.92.0.228 port 37728 ssh2
May 12 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session closed for user root
May 12 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Failed password for root from 218.92.0.228 port 37728 ssh2
May 12 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Received disconnect from 218.92.0.228 port 37728:11:  [preauth]
May 12 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Disconnected from 218.92.0.228 port 37728 [preauth]
May 12 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 12:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Failed password for root from 218.92.0.228 port 47074 ssh2
May 12 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 47074 ssh2]
May 12 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Received disconnect from 218.92.0.228 port 47074:11:  [preauth]
May 12 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Disconnected from 218.92.0.228 port 47074 [preauth]
May 12 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 12:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May 12 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Failed password for root from 218.92.0.230 port 43364 ssh2
May 12 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 43364 ssh2]
May 12 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Received disconnect from 218.92.0.230 port 43364:11:  [preauth]
May 12 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Disconnected from 218.92.0.230 port 43364 [preauth]
May 12 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16808]: pam_unix(cron:session): session closed for user root
May 12 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session closed for user p13x
May 12 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: Successful su for rubyman by root
May 12 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: + ??? root:rubyman
May 12 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379019 of user rubyman.
May 12 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: pam_unix(su:session): session closed for user rubyman
May 12 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379019.
May 12 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session closed for user root
May 12 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session closed for user root
May 12 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user samftp
May 12 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Failed password for root from 206.172.46.162 port 36072 ssh2
May 12 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Received disconnect from 206.172.46.162 port 36072:11: Bye Bye [preauth]
May 12 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Disconnected from 206.172.46.162 port 36072 [preauth]
May 12 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15973]: pam_unix(cron:session): session closed for user root
May 12 12:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Failed password for root from 218.92.0.179 port 16518 ssh2
May 12 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Invalid user admin from 80.94.95.112
May 12 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: input_userauth_request: invalid user admin [preauth]
May 12 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user admin from 80.94.95.112 port 29907 ssh2
May 12 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Failed password for root from 218.92.0.179 port 16518 ssh2
May 12 12:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user admin from 80.94.95.112 port 29907 ssh2
May 12 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Failed password for root from 218.92.0.179 port 16518 ssh2
May 12 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Received disconnect from 218.92.0.179 port 16518:11:  [preauth]
May 12 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Disconnected from 218.92.0.179 port 16518 [preauth]
May 12 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 12:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 12:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user admin from 80.94.95.112 port 29907 ssh2
May 12 12:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Failed password for root from 45.6.188.43 port 51614 ssh2
May 12 12:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Connection closed by 45.6.188.43 port 51614 [preauth]
May 12 12:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user admin from 80.94.95.112 port 29907 ssh2
May 12 12:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user admin from 80.94.95.112 port 29907 ssh2
May 12 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Received disconnect from 80.94.95.112 port 29907:11: Bye [preauth]
May 12 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Disconnected from 80.94.95.112 port 29907 [preauth]
May 12 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17280]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17279]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17277]: pam_unix(cron:session): session closed for user p13x
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17346]: Successful su for rubyman by root
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17346]: + ??? root:rubyman
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379022 of user rubyman.
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17346]: pam_unix(su:session): session closed for user rubyman
May 12 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379022.
May 12 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14677]: pam_unix(cron:session): session closed for user root
May 12 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17278]: pam_unix(cron:session): session closed for user samftp
May 12 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user root
May 12 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session closed for user p13x
May 12 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: Successful su for rubyman by root
May 12 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: + ??? root:rubyman
May 12 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379026 of user rubyman.
May 12 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: pam_unix(su:session): session closed for user rubyman
May 12 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379026.
May 12 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15141]: pam_unix(cron:session): session closed for user root
May 12 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session closed for user samftp
May 12 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Invalid user hoshii from 164.68.105.9
May 12 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: input_userauth_request: invalid user hoshii [preauth]
May 12 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session closed for user root
May 12 12:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Failed password for invalid user hoshii from 164.68.105.9 port 57032 ssh2
May 12 12:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Connection closed by 164.68.105.9 port 57032 [preauth]
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18225]: pam_unix(cron:session): session closed for user p13x
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: Successful su for rubyman by root
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: + ??? root:rubyman
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379031 of user rubyman.
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: pam_unix(su:session): session closed for user rubyman
May 12 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379031.
May 12 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15571]: pam_unix(cron:session): session closed for user root
May 12 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session closed for user samftp
May 12 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17280]: pam_unix(cron:session): session closed for user root
May 12 12:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 12:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Failed password for root from 218.92.0.231 port 59758 ssh2
May 12 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 59758 ssh2]
May 12 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Received disconnect from 218.92.0.231 port 59758:11:  [preauth]
May 12 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Disconnected from 218.92.0.231 port 59758 [preauth]
May 12 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session closed for user p13x
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18693]: Successful su for rubyman by root
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18693]: + ??? root:rubyman
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379036 of user rubyman.
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18693]: pam_unix(su:session): session closed for user rubyman
May 12 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379036.
May 12 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15972]: pam_unix(cron:session): session closed for user root
May 12 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18632]: pam_unix(cron:session): session closed for user samftp
May 12 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Invalid user jenkins from 80.94.95.125
May 12 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: input_userauth_request: invalid user jenkins [preauth]
May 12 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): check pass; user unknown
May 12 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for invalid user jenkins from 80.94.95.125 port 16199 ssh2
May 12 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Received disconnect from 80.94.95.125 port 16199:11: Bye [preauth]
May 12 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Disconnected from 80.94.95.125 port 16199 [preauth]
May 12 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session closed for user root
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19046]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19045]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session closed for user root
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19046]: pam_unix(cron:session): session closed for user root
May 12 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session closed for user p13x
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19151]: Successful su for rubyman by root
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19151]: + ??? root:rubyman
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379044 of user rubyman.
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19151]: pam_unix(su:session): session closed for user rubyman
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379044.
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Invalid user roman from 206.172.46.162
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: input_userauth_request: invalid user roman [preauth]
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 13:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166  user=root
May 12 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Failed password for invalid user roman from 206.172.46.162 port 60508 ssh2
May 12 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Received disconnect from 206.172.46.162 port 60508:11: Bye Bye [preauth]
May 12 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Disconnected from 206.172.46.162 port 60508 [preauth]
May 12 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session closed for user root
May 12 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session closed for user root
May 12 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Failed password for root from 156.251.24.166 port 50634 ssh2
May 12 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Received disconnect from 156.251.24.166 port 50634:11: Bye Bye [preauth]
May 12 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Disconnected from 156.251.24.166 port 50634 [preauth]
May 12 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session closed for user samftp
May 12 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session closed for user root
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19590]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session closed for user p13x
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19671]: Successful su for rubyman by root
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19671]: + ??? root:rubyman
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379045 of user rubyman.
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19671]: pam_unix(su:session): session closed for user rubyman
May 12 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379045.
May 12 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session closed for user root
May 12 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session closed for user samftp
May 12 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19792]: Failed password for root from 218.92.0.203 port 64922 ssh2
May 12 13:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session closed for user root
May 12 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: Invalid user g from 20.2.154.67
May 12 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: input_userauth_request: invalid user g [preauth]
May 12 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.2.154.67
May 12 13:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: Failed password for invalid user g from 20.2.154.67 port 49024 ssh2
May 12 13:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: Received disconnect from 20.2.154.67 port 49024:11: Bye Bye [preauth]
May 12 13:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19897]: Disconnected from 20.2.154.67 port 49024 [preauth]
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20031]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session closed for user p13x
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: Successful su for rubyman by root
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: + ??? root:rubyman
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379050 of user rubyman.
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: pam_unix(su:session): session closed for user rubyman
May 12 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379050.
May 12 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17279]: pam_unix(cron:session): session closed for user root
May 12 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20029]: pam_unix(cron:session): session closed for user samftp
May 12 13:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19045]: pam_unix(cron:session): session closed for user root
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user p13x
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20492]: Successful su for rubyman by root
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20492]: + ??? root:rubyman
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379053 of user rubyman.
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20492]: pam_unix(su:session): session closed for user rubyman
May 12 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379053.
May 12 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session closed for user root
May 12 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session closed for user samftp
May 12 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19590]: pam_unix(cron:session): session closed for user root
May 12 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session closed for user p13x
May 12 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20907]: Successful su for rubyman by root
May 12 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20907]: + ??? root:rubyman
May 12 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379057 of user rubyman.
May 12 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20907]: pam_unix(su:session): session closed for user rubyman
May 12 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379057.
May 12 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session closed for user root
May 12 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session closed for user samftp
May 12 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20031]: pam_unix(cron:session): session closed for user root
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21271]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21271]: pam_unix(cron:session): session closed for user root
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user p13x
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: Successful su for rubyman by root
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: + ??? root:rubyman
May 12 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379063 of user rubyman.
May 12 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: pam_unix(su:session): session closed for user rubyman
May 12 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379063.
May 12 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user root
May 12 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18633]: pam_unix(cron:session): session closed for user root
May 12 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Failed password for root from 206.172.46.162 port 56242 ssh2
May 12 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Received disconnect from 206.172.46.162 port 56242:11: Bye Bye [preauth]
May 12 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Disconnected from 206.172.46.162 port 56242 [preauth]
May 12 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user samftp
May 12 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Failed password for root from 218.92.0.229 port 34506 ssh2
May 12 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 34506 ssh2]
May 12 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Received disconnect from 218.92.0.229 port 34506:11:  [preauth]
May 12 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Disconnected from 218.92.0.229 port 34506 [preauth]
May 12 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 13:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Failed password for root from 218.92.0.229 port 53872 ssh2
May 12 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Failed password for root from 218.92.0.229 port 53872 ssh2
May 12 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session closed for user root
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21848]: pam_unix(cron:session): session closed for user p13x
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22117]: Successful su for rubyman by root
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22117]: + ??? root:rubyman
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379068 of user rubyman.
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22117]: pam_unix(su:session): session closed for user rubyman
May 12 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379068.
May 12 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Failed password for root from 218.92.0.179 port 61646 ssh2
May 12 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session closed for user root
May 12 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21849]: pam_unix(cron:session): session closed for user samftp
May 12 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Failed password for root from 218.92.0.179 port 61646 ssh2
May 12 13:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Failed password for root from 218.92.0.179 port 61646 ssh2
May 12 13:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Received disconnect from 218.92.0.179 port 61646:11:  [preauth]
May 12 13:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Disconnected from 218.92.0.179 port 61646 [preauth]
May 12 13:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Did not receive identification string from 27.150.180.87
May 12 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20836]: pam_unix(cron:session): session closed for user root
May 12 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22539]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session closed for user p13x
May 12 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: Successful su for rubyman by root
May 12 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: + ??? root:rubyman
May 12 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379071 of user rubyman.
May 12 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: pam_unix(su:session): session closed for user rubyman
May 12 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379071.
May 12 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session closed for user root
May 12 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22538]: pam_unix(cron:session): session closed for user samftp
May 12 13:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: Invalid user kirill from 156.251.24.166
May 12 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: input_userauth_request: invalid user kirill [preauth]
May 12 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: Failed password for invalid user kirill from 156.251.24.166 port 34456 ssh2
May 12 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: Received disconnect from 156.251.24.166 port 34456:11: Bye Bye [preauth]
May 12 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: Disconnected from 156.251.24.166 port 34456 [preauth]
May 12 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session closed for user root
May 12 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for root from 218.92.0.179 port 38214 ssh2
May 12 13:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for root from 218.92.0.179 port 38214 ssh2
May 12 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for root from 218.92.0.179 port 38214 ssh2
May 12 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Received disconnect from 218.92.0.179 port 38214:11:  [preauth]
May 12 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Disconnected from 218.92.0.179 port 38214 [preauth]
May 12 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: Invalid user jenkins from 20.2.154.67
May 12 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: input_userauth_request: invalid user jenkins [preauth]
May 12 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.2.154.67
May 12 13:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: Failed password for invalid user jenkins from 20.2.154.67 port 36624 ssh2
May 12 13:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: Received disconnect from 20.2.154.67 port 36624:11: Bye Bye [preauth]
May 12 13:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22926]: Disconnected from 20.2.154.67 port 36624 [preauth]
May 12 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23023]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session closed for user p13x
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Failed password for root from 218.92.0.198 port 41910 ssh2
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23079]: Successful su for rubyman by root
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23079]: + ??? root:rubyman
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379077 of user rubyman.
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23079]: pam_unix(su:session): session closed for user rubyman
May 12 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379077.
May 12 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Failed password for root from 218.92.0.198 port 41910 ssh2
May 12 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session closed for user root
May 12 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Failed password for root from 218.92.0.198 port 41910 ssh2
May 12 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Received disconnect from 218.92.0.198 port 41910:11:  [preauth]
May 12 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Disconnected from 218.92.0.198 port 41910 [preauth]
May 12 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session closed for user samftp
May 12 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Failed password for root from 218.92.0.198 port 40044 ssh2
May 12 13:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 40044 ssh2]
May 12 13:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Received disconnect from 218.92.0.198 port 40044:11:  [preauth]
May 12 13:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Disconnected from 218.92.0.198 port 40044 [preauth]
May 12 13:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Failed password for root from 218.92.0.198 port 51312 ssh2
May 12 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 51312 ssh2]
May 12 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Received disconnect from 218.92.0.198 port 51312:11:  [preauth]
May 12 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Disconnected from 218.92.0.198 port 51312 [preauth]
May 12 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session closed for user root
May 12 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23525]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23523]: pam_unix(cron:session): session closed for user p13x
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: Successful su for rubyman by root
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: + ??? root:rubyman
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379081 of user rubyman.
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: pam_unix(su:session): session closed for user rubyman
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379081.
May 12 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session closed for user root
May 12 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session closed for user root
May 12 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23524]: pam_unix(cron:session): session closed for user samftp
May 12 13:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session closed for user root
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24138]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24135]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24136]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24138]: pam_unix(cron:session): session closed for user root
May 12 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user p13x
May 12 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: Successful su for rubyman by root
May 12 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: + ??? root:rubyman
May 12 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379084 of user rubyman.
May 12 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: pam_unix(su:session): session closed for user rubyman
May 12 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379084.
May 12 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20835]: pam_unix(cron:session): session closed for user root
May 12 13:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24135]: pam_unix(cron:session): session closed for user root
May 12 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Failed password for root from 206.172.46.162 port 53082 ssh2
May 12 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Received disconnect from 206.172.46.162 port 53082:11: Bye Bye [preauth]
May 12 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Disconnected from 206.172.46.162 port 53082 [preauth]
May 12 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24134]: pam_unix(cron:session): session closed for user samftp
May 12 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23023]: pam_unix(cron:session): session closed for user root
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user p13x
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24694]: Successful su for rubyman by root
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24694]: + ??? root:rubyman
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379090 of user rubyman.
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24694]: pam_unix(su:session): session closed for user rubyman
May 12 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379090.
May 12 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session closed for user root
May 12 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session closed for user samftp
May 12 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session closed for user root
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session closed for user p13x
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: Successful su for rubyman by root
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: + ??? root:rubyman
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379095 of user rubyman.
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: pam_unix(su:session): session closed for user rubyman
May 12 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379095.
May 12 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session closed for user root
May 12 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session closed for user samftp
May 12 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24137]: pam_unix(cron:session): session closed for user root
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25469]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session closed for user p13x
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: Successful su for rubyman by root
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: + ??? root:rubyman
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379099 of user rubyman.
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: pam_unix(su:session): session closed for user rubyman
May 12 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379099.
May 12 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22539]: pam_unix(cron:session): session closed for user root
May 12 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25467]: pam_unix(cron:session): session closed for user samftp
May 12 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Invalid user ubnt from 80.94.95.125
May 12 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: input_userauth_request: invalid user ubnt [preauth]
May 12 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Failed password for invalid user ubnt from 80.94.95.125 port 52046 ssh2
May 12 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Received disconnect from 80.94.95.125 port 52046:11: Bye [preauth]
May 12 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Disconnected from 80.94.95.125 port 52046 [preauth]
May 12 13:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session closed for user root
May 12 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.2.154.67  user=root
May 12 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Failed password for root from 20.2.154.67 port 44178 ssh2
May 12 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Received disconnect from 20.2.154.67 port 44178:11: Bye Bye [preauth]
May 12 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Disconnected from 20.2.154.67 port 44178 [preauth]
May 12 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25964]: pam_unix(cron:session): session closed for user p13x
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Invalid user internet from 164.68.105.9
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: input_userauth_request: invalid user internet [preauth]
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26026]: Successful su for rubyman by root
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26026]: + ??? root:rubyman
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379102 of user rubyman.
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26026]: pam_unix(su:session): session closed for user rubyman
May 12 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379102.
May 12 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Failed password for invalid user internet from 164.68.105.9 port 58378 ssh2
May 12 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Connection closed by 164.68.105.9 port 58378 [preauth]
May 12 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session closed for user root
May 12 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25965]: pam_unix(cron:session): session closed for user samftp
May 12 13:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: User john from 156.251.24.166 not allowed because not listed in AllowUsers
May 12 13:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: input_userauth_request: invalid user john [preauth]
May 12 13:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166  user=john
May 12 13:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Failed password for invalid user john from 156.251.24.166 port 45322 ssh2
May 12 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Received disconnect from 156.251.24.166 port 45322:11: Bye Bye [preauth]
May 12 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Disconnected from 156.251.24.166 port 45322 [preauth]
May 12 13:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May 12 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Failed password for root from 190.103.202.7 port 45706 ssh2
May 12 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Connection closed by 190.103.202.7 port 45706 [preauth]
May 12 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session closed for user root
May 12 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Invalid user ftpsecure from 185.93.89.118
May 12 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: input_userauth_request: invalid user ftpsecure [preauth]
May 12 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Failed password for invalid user ftpsecure from 185.93.89.118 port 6740 ssh2
May 12 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162  user=root
May 12 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Connection closed by 185.93.89.118 port 6740 [preauth]
May 12 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Failed password for root from 206.172.46.162 port 48576 ssh2
May 12 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Received disconnect from 206.172.46.162 port 48576:11: Bye Bye [preauth]
May 12 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Disconnected from 206.172.46.162 port 48576 [preauth]
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26385]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26385]: pam_unix(cron:session): session closed for user root
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session closed for user p13x
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26536]: Successful su for rubyman by root
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26536]: + ??? root:rubyman
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379107 of user rubyman.
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26536]: pam_unix(su:session): session closed for user rubyman
May 12 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379107.
May 12 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26382]: pam_unix(cron:session): session closed for user root
May 12 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23525]: pam_unix(cron:session): session closed for user root
May 12 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session closed for user samftp
May 12 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Invalid user ftpmedia from 185.93.89.118
May 12 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: input_userauth_request: invalid user ftpmedia [preauth]
May 12 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 13:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Failed password for invalid user ftpmedia from 185.93.89.118 port 62438 ssh2
May 12 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Connection closed by 185.93.89.118 port 62438 [preauth]
May 12 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25469]: pam_unix(cron:session): session closed for user root
May 12 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Invalid user ftpguest from 185.93.89.118
May 12 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: input_userauth_request: invalid user ftpguest [preauth]
May 12 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Failed password for invalid user ftpguest from 185.93.89.118 port 27014 ssh2
May 12 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for root from 218.92.0.209 port 24606 ssh2
May 12 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Connection closed by 185.93.89.118 port 27014 [preauth]
May 12 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Failed password for root from 218.92.0.179 port 64416 ssh2
May 12 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for root from 218.92.0.209 port 24606 ssh2
May 12 13:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Failed password for root from 218.92.0.179 port 64416 ssh2
May 12 13:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Failed password for root from 218.92.0.179 port 64416 ssh2
May 12 13:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for root from 218.92.0.209 port 24606 ssh2
May 12 13:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Received disconnect from 218.92.0.179 port 64416:11:  [preauth]
May 12 13:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Disconnected from 218.92.0.179 port 64416 [preauth]
May 12 13:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for root from 218.92.0.209 port 24606 ssh2
May 12 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for root from 218.92.0.209 port 24606 ssh2
May 12 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 24606 ssh2 [preauth]
May 12 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Disconnecting: Too many authentication failures [preauth]
May 12 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 13:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Invalid user ftp_boot from 185.93.89.118
May 12 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: input_userauth_request: invalid user ftp_boot [preauth]
May 12 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Failed password for root from 218.92.0.209 port 52276 ssh2
May 12 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Failed password for invalid user ftp_boot from 185.93.89.118 port 6116 ssh2
May 12 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session closed for user p13x
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27090]: Successful su for rubyman by root
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27090]: + ??? root:rubyman
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379114 of user rubyman.
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27090]: pam_unix(su:session): session closed for user rubyman
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379114.
May 12 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Failed password for root from 218.92.0.209 port 52276 ssh2
May 12 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24136]: pam_unix(cron:session): session closed for user root
May 12 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Connection closed by 185.93.89.118 port 6116 [preauth]
May 12 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Failed password for root from 218.92.0.209 port 52276 ssh2
May 12 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user samftp
May 12 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Failed password for root from 218.92.0.209 port 52276 ssh2
May 12 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Invalid user ftpadmin1 from 185.93.89.118
May 12 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: input_userauth_request: invalid user ftpadmin1 [preauth]
May 12 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Failed password for invalid user ftpadmin1 from 185.93.89.118 port 20032 ssh2
May 12 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Connection closed by 185.93.89.118 port 20032 [preauth]
May 12 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session closed for user root
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27546]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27547]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session closed for user root
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27543]: pam_unix(cron:session): session closed for user p13x
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: Successful su for rubyman by root
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: + ??? root:rubyman
May 12 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379119 of user rubyman.
May 12 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: pam_unix(su:session): session closed for user rubyman
May 12 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379119.
May 12 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24615]: pam_unix(cron:session): session closed for user root
May 12 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27544]: pam_unix(cron:session): session closed for user samftp
May 12 13:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: Failed password for root from 218.92.0.217 port 60988 ssh2
May 12 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 60988 ssh2]
May 12 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: Received disconnect from 218.92.0.217 port 60988:11:  [preauth]
May 12 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: Disconnected from 218.92.0.217 port 60988 [preauth]
May 12 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26384]: pam_unix(cron:session): session closed for user root
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27985]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user p13x
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: Successful su for rubyman by root
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: + ??? root:rubyman
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379121 of user rubyman.
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session closed for user rubyman
May 12 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379121.
May 12 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25057]: pam_unix(cron:session): session closed for user root
May 12 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session closed for user samftp
May 12 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26992]: pam_unix(cron:session): session closed for user root
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28393]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session closed for user p13x
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28454]: Successful su for rubyman by root
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28454]: + ??? root:rubyman
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379126 of user rubyman.
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28454]: pam_unix(su:session): session closed for user rubyman
May 12 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379126.
May 12 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25468]: pam_unix(cron:session): session closed for user root
May 12 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session closed for user samftp
May 12 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.2.154.67  user=root
May 12 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Failed password for root from 20.2.154.67 port 51524 ssh2
May 12 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Received disconnect from 20.2.154.67 port 51524:11: Bye Bye [preauth]
May 12 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Disconnected from 20.2.154.67 port 51524 [preauth]
May 12 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27547]: pam_unix(cron:session): session closed for user root
May 12 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: Invalid user admin from 206.172.46.162
May 12 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: input_userauth_request: invalid user admin [preauth]
May 12 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: Failed password for invalid user admin from 206.172.46.162 port 41582 ssh2
May 12 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: Received disconnect from 206.172.46.162 port 41582:11: Bye Bye [preauth]
May 12 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28780]: Disconnected from 206.172.46.162 port 41582 [preauth]
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28805]: pam_unix(cron:session): session closed for user root
May 12 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user p13x
May 12 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28870]: Successful su for rubyman by root
May 12 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28870]: + ??? root:rubyman
May 12 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379129 of user rubyman.
May 12 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28870]: pam_unix(su:session): session closed for user rubyman
May 12 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379129.
May 12 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user root
May 12 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session closed for user root
May 12 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user samftp
May 12 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session closed for user root
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session closed for user p13x
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29408]: Successful su for rubyman by root
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29408]: + ??? root:rubyman
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379137 of user rubyman.
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29408]: pam_unix(su:session): session closed for user rubyman
May 12 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379137.
May 12 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session closed for user root
May 12 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session closed for user samftp
May 12 13:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Invalid user jramirez from 156.251.24.166
May 12 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: input_userauth_request: invalid user jramirez [preauth]
May 12 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Failed password for invalid user jramirez from 156.251.24.166 port 54808 ssh2
May 12 13:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Received disconnect from 156.251.24.166 port 54808:11: Bye Bye [preauth]
May 12 13:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Disconnected from 156.251.24.166 port 54808 [preauth]
May 12 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session closed for user root
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29762]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session closed for user p13x
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: Successful su for rubyman by root
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: + ??? root:rubyman
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379142 of user rubyman.
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: pam_unix(su:session): session closed for user rubyman
May 12 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379142.
May 12 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May 12 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session closed for user root
May 12 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Failed password for root from 218.92.0.219 port 52538 ssh2
May 12 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user samftp
May 12 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Failed password for root from 218.92.0.219 port 52538 ssh2
May 12 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Failed password for root from 218.92.0.219 port 52538 ssh2
May 12 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Received disconnect from 218.92.0.219 port 52538:11:  [preauth]
May 12 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Disconnected from 218.92.0.219 port 52538 [preauth]
May 12 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May 12 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May 12 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: Failed password for root from 218.92.0.219 port 59376 ssh2
May 12 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 59376 ssh2]
May 12 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: Received disconnect from 218.92.0.219 port 59376:11:  [preauth]
May 12 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: Disconnected from 218.92.0.219 port 59376 [preauth]
May 12 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May 12 13:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May 12 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for root from 218.92.0.219 port 36042 ssh2
May 12 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 36042 ssh2]
May 12 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Received disconnect from 218.92.0.219 port 36042:11:  [preauth]
May 12 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Disconnected from 218.92.0.219 port 36042 [preauth]
May 12 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May 12 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session closed for user root
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session closed for user p13x
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: Successful su for rubyman by root
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: + ??? root:rubyman
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379144 of user rubyman.
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: pam_unix(su:session): session closed for user rubyman
May 12 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379144.
May 12 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27546]: pam_unix(cron:session): session closed for user root
May 12 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30168]: pam_unix(cron:session): session closed for user samftp
May 12 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29340]: pam_unix(cron:session): session closed for user root
May 12 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Failed password for root from 218.92.0.179 port 54232 ssh2
May 12 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54232 ssh2]
May 12 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Received disconnect from 218.92.0.179 port 54232:11:  [preauth]
May 12 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Disconnected from 218.92.0.179 port 54232 [preauth]
May 12 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30564]: pam_unix(cron:session): session closed for user p13x
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30624]: Successful su for rubyman by root
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30624]: + ??? root:rubyman
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379147 of user rubyman.
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30624]: pam_unix(su:session): session closed for user rubyman
May 12 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379147.
May 12 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27985]: pam_unix(cron:session): session closed for user root
May 12 13:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30565]: pam_unix(cron:session): session closed for user samftp
May 12 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29762]: pam_unix(cron:session): session closed for user root
May 12 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Failed password for root from 218.92.0.198 port 58390 ssh2
May 12 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 58390 ssh2]
May 12 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Received disconnect from 218.92.0.198 port 58390:11:  [preauth]
May 12 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Disconnected from 218.92.0.198 port 58390 [preauth]
May 12 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: Failed password for root from 218.92.0.198 port 59074 ssh2
May 12 13:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: Failed password for root from 218.92.0.198 port 59074 ssh2
May 12 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: Failed password for root from 218.92.0.198 port 59074 ssh2
May 12 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: Received disconnect from 218.92.0.198 port 59074:11:  [preauth]
May 12 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: Disconnected from 218.92.0.198 port 59074 [preauth]
May 12 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30929]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Invalid user julia from 206.172.46.162
May 12 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: input_userauth_request: invalid user julia [preauth]
May 12 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: Failed password for root from 193.70.84.184 port 39150 ssh2
May 12 13:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: Connection closed by 193.70.84.184 port 39150 [preauth]
May 12 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Failed password for invalid user julia from 206.172.46.162 port 58742 ssh2
May 12 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Received disconnect from 206.172.46.162 port 58742:11: Bye Bye [preauth]
May 12 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Disconnected from 206.172.46.162 port 58742 [preauth]
May 12 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Failed password for root from 218.92.0.198 port 59090 ssh2
May 12 13:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 59090 ssh2]
May 12 13:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Received disconnect from 218.92.0.198 port 59090:11:  [preauth]
May 12 13:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Disconnected from 218.92.0.198 port 59090 [preauth]
May 12 13:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31059]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31059]: pam_unix(cron:session): session closed for user root
May 12 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session closed for user p13x
May 12 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: Successful su for rubyman by root
May 12 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: + ??? root:rubyman
May 12 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379155 of user rubyman.
May 12 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: pam_unix(su:session): session closed for user rubyman
May 12 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379155.
May 12 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session closed for user root
May 12 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28393]: pam_unix(cron:session): session closed for user root
May 12 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user samftp
May 12 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session closed for user root
May 12 13:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.2.154.67  user=root
May 12 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Failed password for root from 20.2.154.67 port 58824 ssh2
May 12 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Received disconnect from 20.2.154.67 port 58824:11: Bye Bye [preauth]
May 12 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Disconnected from 20.2.154.67 port 58824 [preauth]
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31511]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31510]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31507]: pam_unix(cron:session): session closed for user p13x
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: Successful su for rubyman by root
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: + ??? root:rubyman
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379157 of user rubyman.
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31582]: pam_unix(su:session): session closed for user rubyman
May 12 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379157.
May 12 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session closed for user root
May 12 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31509]: pam_unix(cron:session): session closed for user samftp
May 12 13:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May 12 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: Failed password for root from 218.92.0.237 port 63654 ssh2
May 12 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 63654 ssh2]
May 12 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: Received disconnect from 218.92.0.237 port 63654:11:  [preauth]
May 12 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: Disconnected from 218.92.0.237 port 63654 [preauth]
May 12 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31820]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May 12 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user root
May 12 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Invalid user admin from 80.94.95.125
May 12 13:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: input_userauth_request: invalid user admin [preauth]
May 12 13:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32053]: pam_unix(cron:session): session closed for user p13x
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Failed password for invalid user admin from 80.94.95.125 port 23176 ssh2
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32279]: Successful su for rubyman by root
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32279]: + ??? root:rubyman
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379161 of user rubyman.
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32279]: pam_unix(su:session): session closed for user rubyman
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379161.
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Received disconnect from 80.94.95.125 port 23176:11: Bye [preauth]
May 12 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Disconnected from 80.94.95.125 port 23176 [preauth]
May 12 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session closed for user root
May 12 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32054]: pam_unix(cron:session): session closed for user samftp
May 12 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31058]: pam_unix(cron:session): session closed for user root
May 12 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[302]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32767]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32765]: pam_unix(cron:session): session closed for user p13x
May 12 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: Successful su for rubyman by root
May 12 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: + ??? root:rubyman
May 12 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379166 of user rubyman.
May 12 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: pam_unix(su:session): session closed for user rubyman
May 12 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379166.
May 12 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session closed for user root
May 12 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32766]: pam_unix(cron:session): session closed for user samftp
May 12 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Invalid user ftptest2 from 156.251.24.166
May 12 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: input_userauth_request: invalid user ftptest2 [preauth]
May 12 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Failed password for invalid user ftptest2 from 156.251.24.166 port 38636 ssh2
May 12 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Received disconnect from 156.251.24.166 port 38636:11: Bye Bye [preauth]
May 12 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Disconnected from 156.251.24.166 port 38636 [preauth]
May 12 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Failed password for root from 104.244.77.50 port 44394 ssh2
May 12 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Connection closed by 104.244.77.50 port 44394 [preauth]
May 12 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Failed password for root from 104.244.77.50 port 50704 ssh2
May 12 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Connection closed by 104.244.77.50 port 50704 [preauth]
May 12 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31511]: pam_unix(cron:session): session closed for user root
May 12 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for root from 104.244.77.50 port 50708 ssh2
May 12 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 104.244.77.50 port 50708 [preauth]
May 12 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Failed password for root from 104.244.77.50 port 50714 ssh2
May 12 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Connection closed by 104.244.77.50 port 50714 [preauth]
May 12 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Failed password for root from 104.244.77.50 port 50724 ssh2
May 12 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Connection closed by 104.244.77.50 port 50724 [preauth]
May 12 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Failed password for root from 104.244.77.50 port 50728 ssh2
May 12 13:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Connection closed by 104.244.77.50 port 50728 [preauth]
May 12 13:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Failed password for root from 104.244.77.50 port 45748 ssh2
May 12 13:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Connection closed by 104.244.77.50 port 45748 [preauth]
May 12 13:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[775]: Failed password for root from 104.244.77.50 port 45750 ssh2
May 12 13:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[775]: Connection closed by 104.244.77.50 port 45750 [preauth]
May 12 13:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 12 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Failed password for root from 104.244.77.50 port 45754 ssh2
May 12 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Connection closed by 104.244.77.50 port 45754 [preauth]
May 12 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Failed password for root from 104.244.77.50 port 45760 ssh2
May 12 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Connection closed by 104.244.77.50 port 45760 [preauth]
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session closed for user p13x
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: Successful su for rubyman by root
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: + ??? root:rubyman
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379171 of user rubyman.
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: pam_unix(su:session): session closed for user rubyman
May 12 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379171.
May 12 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session closed for user root
May 12 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[837]: pam_unix(cron:session): session closed for user samftp
May 12 13:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Failed password for root from 218.92.0.179 port 41557 ssh2
May 12 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41557 ssh2]
May 12 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Received disconnect from 218.92.0.179 port 41557:11:  [preauth]
May 12 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Disconnected from 218.92.0.179 port 41557 [preauth]
May 12 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Invalid user admin from 80.94.95.112
May 12 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: input_userauth_request: invalid user admin [preauth]
May 12 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 13:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user admin from 80.94.95.112 port 58486 ssh2
May 12 13:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user admin from 80.94.95.112 port 58486 ssh2
May 12 13:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user admin from 80.94.95.112 port 58486 ssh2
May 12 13:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user admin from 80.94.95.112 port 58486 ssh2
May 12 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user admin from 80.94.95.112 port 58486 ssh2
May 12 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Received disconnect from 80.94.95.112 port 58486:11: Bye [preauth]
May 12 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Disconnected from 80.94.95.112 port 58486 [preauth]
May 12 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session closed for user root
May 12 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Invalid user test6 from 206.172.46.162
May 12 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: input_userauth_request: invalid user test6 [preauth]
May 12 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Failed password for invalid user test6 from 206.172.46.162 port 50119 ssh2
May 12 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Received disconnect from 206.172.46.162 port 50119:11: Bye Bye [preauth]
May 12 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Disconnected from 206.172.46.162 port 50119 [preauth]
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session closed for user root
May 12 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1334]: pam_unix(cron:session): session closed for user p13x
May 12 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: Successful su for rubyman by root
May 12 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: + ??? root:rubyman
May 12 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379175 of user rubyman.
May 12 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: pam_unix(su:session): session closed for user rubyman
May 12 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379175.
May 12 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session closed for user root
May 12 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session closed for user root
May 12 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1335]: pam_unix(cron:session): session closed for user samftp
May 12 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[302]: pam_unix(cron:session): session closed for user root
May 12 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user p13x
May 12 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: Successful su for rubyman by root
May 12 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: + ??? root:rubyman
May 12 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379179 of user rubyman.
May 12 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: pam_unix(su:session): session closed for user rubyman
May 12 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379179.
May 12 13:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May 12 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session closed for user root
May 12 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user samftp
May 12 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Failed password for root from 218.92.0.206 port 61504 ssh2
May 12 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 61504 ssh2]
May 12 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 61504 ssh2 [preauth]
May 12 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Disconnecting: Too many authentication failures [preauth]
May 12 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May 12 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 13:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[839]: pam_unix(cron:session): session closed for user root
May 12 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2352]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2353]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session closed for user p13x
May 12 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2432]: Successful su for rubyman by root
May 12 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2432]: + ??? root:rubyman
May 12 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379183 of user rubyman.
May 12 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2432]: pam_unix(su:session): session closed for user rubyman
May 12 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379183.
May 12 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31510]: pam_unix(cron:session): session closed for user root
May 12 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2351]: pam_unix(cron:session): session closed for user samftp
May 12 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session closed for user root
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session closed for user p13x
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: Successful su for rubyman by root
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: + ??? root:rubyman
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379190 of user rubyman.
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: pam_unix(su:session): session closed for user rubyman
May 12 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379190.
May 12 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32055]: pam_unix(cron:session): session closed for user root
May 12 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2800]: pam_unix(cron:session): session closed for user samftp
May 12 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Failed password for root from 218.92.0.179 port 54386 ssh2
May 12 13:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54386 ssh2]
May 12 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Received disconnect from 218.92.0.179 port 54386:11:  [preauth]
May 12 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Disconnected from 218.92.0.179 port 54386 [preauth]
May 12 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user root
May 12 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3221]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session closed for user p13x
May 12 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3278]: Successful su for rubyman by root
May 12 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3278]: + ??? root:rubyman
May 12 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379193 of user rubyman.
May 12 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3278]: pam_unix(su:session): session closed for user rubyman
May 12 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379193.
May 12 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32767]: pam_unix(cron:session): session closed for user root
May 12 13:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session closed for user samftp
May 12 13:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2353]: pam_unix(cron:session): session closed for user root
May 12 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Invalid user nabi from 206.172.46.162
May 12 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: input_userauth_request: invalid user nabi [preauth]
May 12 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Failed password for invalid user nabi from 206.172.46.162 port 43906 ssh2
May 12 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Received disconnect from 206.172.46.162 port 43906:11: Bye Bye [preauth]
May 12 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Disconnected from 206.172.46.162 port 43906 [preauth]
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session closed for user root
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3667]: pam_unix(cron:session): session closed for user p13x
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: Successful su for rubyman by root
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: + ??? root:rubyman
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379196 of user rubyman.
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: pam_unix(su:session): session closed for user rubyman
May 12 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379196.
May 12 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session closed for user root
May 12 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session closed for user root
May 12 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3668]: pam_unix(cron:session): session closed for user samftp
May 12 13:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Invalid user usr1 from 156.251.24.166
May 12 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: input_userauth_request: invalid user usr1 [preauth]
May 12 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Failed password for invalid user usr1 from 156.251.24.166 port 48090 ssh2
May 12 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Received disconnect from 156.251.24.166 port 48090:11: Bye Bye [preauth]
May 12 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Disconnected from 156.251.24.166 port 48090 [preauth]
May 12 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user root
May 12 13:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Failed password for root from 218.92.0.217 port 55550 ssh2
May 12 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 55550 ssh2]
May 12 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Received disconnect from 218.92.0.217 port 55550:11:  [preauth]
May 12 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Disconnected from 218.92.0.217 port 55550 [preauth]
May 12 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4136]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4134]: pam_unix(cron:session): session closed for user p13x
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: Successful su for rubyman by root
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: + ??? root:rubyman
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379203 of user rubyman.
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: pam_unix(su:session): session closed for user rubyman
May 12 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379203.
May 12 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session closed for user root
May 12 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4135]: pam_unix(cron:session): session closed for user samftp
May 12 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session closed for user root
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4713]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4712]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4710]: pam_unix(cron:session): session closed for user p13x
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4772]: Successful su for rubyman by root
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4772]: + ??? root:rubyman
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379205 of user rubyman.
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4772]: pam_unix(su:session): session closed for user rubyman
May 12 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379205.
May 12 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user root
May 12 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4711]: pam_unix(cron:session): session closed for user samftp
May 12 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session closed for user root
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5321]: pam_unix(cron:session): session closed for user p13x
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: Successful su for rubyman by root
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: + ??? root:rubyman
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379210 of user rubyman.
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: pam_unix(su:session): session closed for user rubyman
May 12 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379210.
May 12 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2352]: pam_unix(cron:session): session closed for user root
May 12 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5322]: pam_unix(cron:session): session closed for user samftp
May 12 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4137]: pam_unix(cron:session): session closed for user root
May 12 13:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 13:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Failed password for root from 218.92.0.229 port 47496 ssh2
May 12 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 47496 ssh2]
May 12 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Received disconnect from 218.92.0.229 port 47496:11:  [preauth]
May 12 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Disconnected from 218.92.0.229 port 47496 [preauth]
May 12 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session closed for user p13x
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5999]: Successful su for rubyman by root
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5999]: + ??? root:rubyman
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379213 of user rubyman.
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5999]: pam_unix(su:session): session closed for user rubyman
May 12 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379213.
May 12 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session closed for user root
May 12 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user root
May 12 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session closed for user samftp
May 12 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4713]: pam_unix(cron:session): session closed for user root
May 12 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Invalid user jmarquez from 206.172.46.162
May 12 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: input_userauth_request: invalid user jmarquez [preauth]
May 12 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.172.46.162
May 12 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Failed password for invalid user jmarquez from 206.172.46.162 port 40804 ssh2
May 12 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Received disconnect from 206.172.46.162 port 40804:11: Bye Bye [preauth]
May 12 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Disconnected from 206.172.46.162 port 40804 [preauth]
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6386]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6387]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6388]: pam_unix(cron:session): session closed for user root
May 12 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6383]: pam_unix(cron:session): session closed for user p13x
May 12 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: Successful su for rubyman by root
May 12 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: + ??? root:rubyman
May 12 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379219 of user rubyman.
May 12 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: pam_unix(su:session): session closed for user rubyman
May 12 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379219.
May 12 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session closed for user root
May 12 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3221]: pam_unix(cron:session): session closed for user root
May 12 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6384]: pam_unix(cron:session): session closed for user samftp
May 12 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 13:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Failed password for root from 80.94.95.125 port 57483 ssh2
May 12 13:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Received disconnect from 80.94.95.125 port 57483:11: Bye [preauth]
May 12 13:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Disconnected from 80.94.95.125 port 57483 [preauth]
May 12 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session closed for user root
May 12 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session closed for user p13x
May 12 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: Successful su for rubyman by root
May 12 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: + ??? root:rubyman
May 12 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379225 of user rubyman.
May 12 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: pam_unix(su:session): session closed for user rubyman
May 12 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379225.
May 12 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session closed for user root
May 12 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user samftp
May 12 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 13:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: Failed password for root from 218.92.0.111 port 50682 ssh2
May 12 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 50682 ssh2]
May 12 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: Received disconnect from 218.92.0.111 port 50682:11:  [preauth]
May 12 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: Disconnected from 218.92.0.111 port 50682 [preauth]
May 12 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 13:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 13:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: Failed password for root from 218.92.0.111 port 50708 ssh2
May 12 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 50708 ssh2]
May 12 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: Received disconnect from 218.92.0.111 port 50708:11:  [preauth]
May 12 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: Disconnected from 218.92.0.111 port 50708 [preauth]
May 12 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7233]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 13:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Failed password for root from 218.92.0.111 port 54136 ssh2
May 12 13:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 54136 ssh2]
May 12 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Received disconnect from 218.92.0.111 port 54136:11:  [preauth]
May 12 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Disconnected from 218.92.0.111 port 54136 [preauth]
May 12 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May 12 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session closed for user root
May 12 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session closed for user p13x
May 12 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: Successful su for rubyman by root
May 12 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: + ??? root:rubyman
May 12 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379229 of user rubyman.
May 12 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: pam_unix(su:session): session closed for user rubyman
May 12 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379229.
May 12 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4136]: pam_unix(cron:session): session closed for user root
May 12 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user samftp
May 12 13:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Invalid user tanulo from 156.251.24.166
May 12 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: input_userauth_request: invalid user tanulo [preauth]
May 12 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6387]: pam_unix(cron:session): session closed for user root
May 12 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Failed password for invalid user tanulo from 156.251.24.166 port 57774 ssh2
May 12 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Received disconnect from 156.251.24.166 port 57774:11: Bye Bye [preauth]
May 12 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Disconnected from 156.251.24.166 port 57774 [preauth]
May 12 13:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Failed password for root from 218.92.0.179 port 54406 ssh2
May 12 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54406 ssh2]
May 12 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Received disconnect from 218.92.0.179 port 54406:11:  [preauth]
May 12 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Disconnected from 218.92.0.179 port 54406 [preauth]
May 12 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session closed for user p13x
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: Successful su for rubyman by root
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: + ??? root:rubyman
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379233 of user rubyman.
May 12 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: pam_unix(su:session): session closed for user rubyman
May 12 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379233.
May 12 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4712]: pam_unix(cron:session): session closed for user root
May 12 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session closed for user samftp
May 12 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user root
May 12 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session closed for user p13x
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: Successful su for rubyman by root
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: + ??? root:rubyman
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379238 of user rubyman.
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session closed for user rubyman
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379238.
May 12 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5323]: pam_unix(cron:session): session closed for user root
May 12 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Failed password for root from 218.92.0.179 port 64444 ssh2
May 12 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user samftp
May 12 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Failed password for root from 218.92.0.179 port 64444 ssh2
May 12 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Failed password for root from 218.92.0.179 port 64444 ssh2
May 12 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Received disconnect from 218.92.0.179 port 64444:11:  [preauth]
May 12 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Disconnected from 218.92.0.179 port 64444 [preauth]
May 12 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session closed for user root
May 12 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 13:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Failed password for root from 218.92.0.220 port 48380 ssh2
May 12 13:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Failed password for root from 218.92.0.220 port 48380 ssh2
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8760]: pam_unix(cron:session): session closed for user root
May 12 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session closed for user p13x
May 12 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: Successful su for rubyman by root
May 12 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: + ??? root:rubyman
May 12 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379242 of user rubyman.
May 12 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: pam_unix(su:session): session closed for user rubyman
May 12 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379242.
May 12 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session closed for user root
May 12 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session closed for user root
May 12 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session closed for user samftp
May 12 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session closed for user root
May 12 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session closed for user p13x
May 12 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: Successful su for rubyman by root
May 12 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: + ??? root:rubyman
May 12 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379246 of user rubyman.
May 12 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: pam_unix(su:session): session closed for user rubyman
May 12 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379246.
May 12 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6386]: pam_unix(cron:session): session closed for user root
May 12 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user samftp
May 12 13:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Invalid user zyx from 193.32.162.157
May 12 13:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: input_userauth_request: invalid user zyx [preauth]
May 12 13:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 13:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Failed password for invalid user zyx from 193.32.162.157 port 47940 ssh2
May 12 13:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Connection closed by 193.32.162.157 port 47940 [preauth]
May 12 13:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 13:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: Failed password for root from 218.92.0.209 port 62290 ssh2
May 12 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: Failed password for root from 218.92.0.209 port 62290 ssh2
May 12 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Invalid user abc from 193.32.162.157
May 12 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: input_userauth_request: invalid user abc [preauth]
May 12 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 13:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: Failed password for root from 218.92.0.209 port 62290 ssh2
May 12 13:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Failed password for invalid user abc from 193.32.162.157 port 15680 ssh2
May 12 13:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Connection closed by 193.32.162.157 port 15680 [preauth]
May 12 13:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: Failed password for root from 218.92.0.209 port 62290 ssh2
May 12 13:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: Failed password for root from 218.92.0.209 port 62290 ssh2
May 12 13:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 62290 ssh2 [preauth]
May 12 13:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: Disconnecting: Too many authentication failures [preauth]
May 12 13:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 13:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9575]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 13:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Invalid user zn from 193.32.162.157
May 12 13:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: input_userauth_request: invalid user zn [preauth]
May 12 13:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 13:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Failed password for invalid user zn from 193.32.162.157 port 48114 ssh2
May 12 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Connection closed by 193.32.162.157 port 48114 [preauth]
May 12 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
May 12 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Invalid user abc from 193.32.162.157
May 12 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: input_userauth_request: invalid user abc [preauth]
May 12 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 13:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Failed password for invalid user abc from 193.32.162.157 port 16118 ssh2
May 12 13:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Connection closed by 193.32.162.157 port 16118 [preauth]
May 12 13:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Invalid user zz from 193.32.162.157
May 12 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: input_userauth_request: invalid user zz [preauth]
May 12 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May 12 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for invalid user zz from 193.32.162.157 port 42772 ssh2
May 12 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Failed password for root from 218.92.0.216 port 36678 ssh2
May 12 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Connection closed by 193.32.162.157 port 42772 [preauth]
May 12 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Failed password for root from 218.92.0.216 port 36678 ssh2
May 12 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Failed password for root from 218.92.0.216 port 36678 ssh2
May 12 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Received disconnect from 218.92.0.216 port 36678:11:  [preauth]
May 12 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Disconnected from 218.92.0.216 port 36678 [preauth]
May 12 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9730]: pam_unix(cron:session): session closed for user p13x
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: Successful su for rubyman by root
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: + ??? root:rubyman
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379251 of user rubyman.
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: pam_unix(su:session): session closed for user rubyman
May 12 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379251.
May 12 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session closed for user root
May 12 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9731]: pam_unix(cron:session): session closed for user samftp
May 12 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8759]: pam_unix(cron:session): session closed for user root
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session closed for user p13x
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: Successful su for rubyman by root
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: + ??? root:rubyman
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379256 of user rubyman.
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: pam_unix(su:session): session closed for user rubyman
May 12 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379256.
May 12 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
May 12 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session closed for user samftp
May 12 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user root
May 12 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session closed for user p13x
May 12 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10767]: Successful su for rubyman by root
May 12 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10767]: + ??? root:rubyman
May 12 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379258 of user rubyman.
May 12 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10767]: pam_unix(su:session): session closed for user rubyman
May 12 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379258.
May 12 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session closed for user root
May 12 13:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session closed for user samftp
May 12 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session closed for user root
May 12 13:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Invalid user uat from 156.251.24.166
May 12 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: input_userauth_request: invalid user uat [preauth]
May 12 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for invalid user uat from 156.251.24.166 port 40904 ssh2
May 12 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Received disconnect from 156.251.24.166 port 40904:11: Bye Bye [preauth]
May 12 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Disconnected from 156.251.24.166 port 40904 [preauth]
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11100]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11098]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11100]: pam_unix(cron:session): session closed for user root
May 12 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user p13x
May 12 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: Successful su for rubyman by root
May 12 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: + ??? root:rubyman
May 12 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379265 of user rubyman.
May 12 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: pam_unix(su:session): session closed for user rubyman
May 12 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379265.
May 12 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session closed for user root
May 12 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user root
May 12 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session closed for user samftp
May 12 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user root
May 12 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session closed for user p13x
May 12 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: Successful su for rubyman by root
May 12 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: + ??? root:rubyman
May 12 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379268 of user rubyman.
May 12 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: pam_unix(su:session): session closed for user rubyman
May 12 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379268.
May 12 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8758]: pam_unix(cron:session): session closed for user root
May 12 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session closed for user samftp
May 12 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session closed for user root
May 12 13:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Failed password for root from 45.6.188.43 port 50746 ssh2
May 12 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Connection closed by 45.6.188.43 port 50746 [preauth]
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11921]: pam_unix(cron:session): session closed for user p13x
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: Successful su for rubyman by root
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: + ??? root:rubyman
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379273 of user rubyman.
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11981]: pam_unix(su:session): session closed for user rubyman
May 12 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379273.
May 12 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session closed for user root
May 12 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11922]: pam_unix(cron:session): session closed for user samftp
May 12 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session closed for user root
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12331]: pam_unix(cron:session): session closed for user p13x
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12392]: Successful su for rubyman by root
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12392]: + ??? root:rubyman
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379277 of user rubyman.
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12392]: pam_unix(su:session): session closed for user rubyman
May 12 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379277.
May 12 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session closed for user root
May 12 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session closed for user samftp
May 12 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session closed for user root
May 12 13:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Failed password for root from 80.94.95.125 port 61542 ssh2
May 12 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Received disconnect from 80.94.95.125 port 61542:11: Bye [preauth]
May 12 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Disconnected from 80.94.95.125 port 61542 [preauth]
May 12 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session closed for user p13x
May 12 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: Successful su for rubyman by root
May 12 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: + ??? root:rubyman
May 12 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379282 of user rubyman.
May 12 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: pam_unix(su:session): session closed for user rubyman
May 12 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379282.
May 12 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user root
May 12 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12721]: pam_unix(cron:session): session closed for user samftp
May 12 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session closed for user root
May 12 13:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: Received disconnect from 218.92.0.231 port 57762:11:  [preauth]
May 12 13:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: Disconnected from 218.92.0.231 port 57762 [preauth]
May 12 13:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May 12 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Failed password for root from 218.92.0.230 port 41818 ssh2
May 12 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 41818 ssh2]
May 12 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Received disconnect from 218.92.0.230 port 41818:11:  [preauth]
May 12 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Disconnected from 218.92.0.230 port 41818 [preauth]
May 12 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session closed for user root
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session closed for user p13x
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: Successful su for rubyman by root
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: + ??? root:rubyman
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379287 of user rubyman.
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: pam_unix(su:session): session closed for user rubyman
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379287.
May 12 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Failed password for root from 218.92.0.179 port 49431 ssh2
May 12 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session closed for user root
May 12 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session closed for user root
May 12 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Failed password for root from 218.92.0.179 port 49431 ssh2
May 12 13:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13117]: pam_unix(cron:session): session closed for user samftp
May 12 13:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session closed for user root
May 12 13:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 13:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13605]: Failed password for root from 193.70.84.184 port 51052 ssh2
May 12 13:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13605]: Connection closed by 193.70.84.184 port 51052 [preauth]
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session closed for user p13x
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13722]: Successful su for rubyman by root
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13722]: + ??? root:rubyman
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379291 of user rubyman.
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13722]: pam_unix(su:session): session closed for user rubyman
May 12 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379291.
May 12 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11098]: pam_unix(cron:session): session closed for user root
May 12 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session closed for user samftp
May 12 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session closed for user root
May 12 13:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Invalid user student1 from 156.251.24.166
May 12 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: input_userauth_request: invalid user student1 [preauth]
May 12 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): check pass; user unknown
May 12 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166
May 12 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Failed password for invalid user student1 from 156.251.24.166 port 52820 ssh2
May 12 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Received disconnect from 156.251.24.166 port 52820:11: Bye Bye [preauth]
May 12 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Disconnected from 156.251.24.166 port 52820 [preauth]
May 12 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session closed for user p13x
May 12 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: Successful su for rubyman by root
May 12 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: + ??? root:rubyman
May 12 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379294 of user rubyman.
May 12 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session closed for user rubyman
May 12 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379294.
May 12 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session closed for user root
May 12 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session closed for user samftp
May 12 13:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 13:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: Failed password for root from 218.92.0.228 port 48636 ssh2
May 12 13:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 48636 ssh2]
May 12 13:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: Received disconnect from 218.92.0.228 port 48636:11:  [preauth]
May 12 13:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: Disconnected from 218.92.0.228 port 48636 [preauth]
May 12 13:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 13:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session closed for user root
May 12 13:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Failed password for root from 218.92.0.228 port 49254 ssh2
May 12 13:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 49254 ssh2]
May 12 13:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Received disconnect from 218.92.0.228 port 49254:11:  [preauth]
May 12 13:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Disconnected from 218.92.0.228 port 49254 [preauth]
May 12 13:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 13:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14477]: pam_unix(cron:session): session closed for user p13x
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14543]: Successful su for rubyman by root
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14543]: + ??? root:rubyman
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379300 of user rubyman.
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14543]: pam_unix(su:session): session closed for user rubyman
May 12 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379300.
May 12 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11923]: pam_unix(cron:session): session closed for user root
May 12 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14478]: pam_unix(cron:session): session closed for user samftp
May 12 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 13:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Failed password for root from 218.92.0.228 port 52286 ssh2
May 12 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 52286 ssh2]
May 12 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Received disconnect from 218.92.0.228 port 52286:11:  [preauth]
May 12 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Disconnected from 218.92.0.228 port 52286 [preauth]
May 12 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session closed for user root
May 12 13:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 13:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14894]: pam_unix(cron:session): session closed for user p13x
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: Successful su for rubyman by root
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: + ??? root:rubyman
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379303 of user rubyman.
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: pam_unix(su:session): session closed for user rubyman
May 12 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379303.
May 12 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for root from 218.92.0.179 port 15374 ssh2
May 12 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session closed for user root
May 12 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for root from 218.92.0.179 port 15374 ssh2
May 12 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session closed for user samftp
May 12 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for root from 218.92.0.179 port 15374 ssh2
May 12 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Received disconnect from 218.92.0.179 port 15374:11:  [preauth]
May 12 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Disconnected from 218.92.0.179 port 15374 [preauth]
May 12 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session closed for user root
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15292]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15295]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session closed for user root
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15292]: pam_unix(cron:session): session closed for user root
May 12 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session closed for user p13x
May 12 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15392]: Successful su for rubyman by root
May 12 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15392]: + ??? root:rubyman
May 12 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379306 of user rubyman.
May 12 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15392]: pam_unix(su:session): session closed for user rubyman
May 12 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379306.
May 12 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12722]: pam_unix(cron:session): session closed for user root
May 12 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session closed for user root
May 12 14:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session closed for user samftp
May 12 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14481]: pam_unix(cron:session): session closed for user root
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user p13x
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15853]: Successful su for rubyman by root
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15853]: + ??? root:rubyman
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379313 of user rubyman.
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15853]: pam_unix(su:session): session closed for user rubyman
May 12 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379313.
May 12 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session closed for user root
May 12 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user samftp
May 12 14:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 14:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Failed password for root from 218.92.0.203 port 10634 ssh2
May 12 14:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Failed password for root from 218.92.0.203 port 10634 ssh2
May 12 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user root
May 12 14:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Failed password for root from 218.92.0.203 port 10634 ssh2
May 12 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: message repeated 2 times: [ Failed password for root from 218.92.0.203 port 10634 ssh2]
May 12 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 10634 ssh2 [preauth]
May 12 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Disconnecting: Too many authentication failures [preauth]
May 12 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session closed for user p13x
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16251]: Successful su for rubyman by root
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16251]: + ??? root:rubyman
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379318 of user rubyman.
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16251]: pam_unix(su:session): session closed for user rubyman
May 12 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379318.
May 12 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session closed for user root
May 12 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session closed for user samftp
May 12 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Invalid user ftptestusr from 185.93.89.118
May 12 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: input_userauth_request: invalid user ftptestusr [preauth]
May 12 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Failed password for invalid user ftptestusr from 185.93.89.118 port 64232 ssh2
May 12 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Connection closed by 185.93.89.118 port 64232 [preauth]
May 12 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 14:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: Failed password for root from 218.92.0.220 port 51750 ssh2
May 12 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 51750 ssh2]
May 12 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: Received disconnect from 218.92.0.220 port 51750:11:  [preauth]
May 12 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: Disconnected from 218.92.0.220 port 51750 [preauth]
May 12 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Invalid user admin from 80.94.95.112
May 12 14:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: input_userauth_request: invalid user admin [preauth]
May 12 14:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 14:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for invalid user admin from 80.94.95.112 port 55020 ssh2
May 12 14:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for invalid user admin from 80.94.95.112 port 55020 ssh2
May 12 14:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Invalid user ftp_test from 185.93.89.118
May 12 14:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: input_userauth_request: invalid user ftp_test [preauth]
May 12 14:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for invalid user admin from 80.94.95.112 port 55020 ssh2
May 12 14:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for invalid user ftp_test from 185.93.89.118 port 58846 ssh2
May 12 14:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for invalid user admin from 80.94.95.112 port 55020 ssh2
May 12 14:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for invalid user admin from 80.94.95.112 port 55020 ssh2
May 12 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Received disconnect from 80.94.95.112 port 55020:11: Bye [preauth]
May 12 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Disconnected from 80.94.95.112 port 55020 [preauth]
May 12 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 185.93.89.118 port 58846 [preauth]
May 12 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15296]: pam_unix(cron:session): session closed for user root
May 12 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Invalid user ftp-test from 185.93.89.118
May 12 14:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: input_userauth_request: invalid user ftp-test [preauth]
May 12 14:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Failed password for invalid user ftp-test from 185.93.89.118 port 45406 ssh2
May 12 14:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Connection closed by 185.93.89.118 port 45406 [preauth]
May 12 14:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16642]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16643]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16640]: pam_unix(cron:session): session closed for user p13x
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16702]: Successful su for rubyman by root
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16702]: + ??? root:rubyman
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379323 of user rubyman.
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16702]: pam_unix(su:session): session closed for user rubyman
May 12 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379323.
May 12 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session closed for user root
May 12 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16641]: pam_unix(cron:session): session closed for user samftp
May 12 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Invalid user ftp-test from 185.93.89.118
May 12 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: input_userauth_request: invalid user ftp-test [preauth]
May 12 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Failed password for invalid user ftp-test from 185.93.89.118 port 2762 ssh2
May 12 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Connection closed by 185.93.89.118 port 2762 [preauth]
May 12 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: User ftp from 185.93.89.118 not allowed because not listed in AllowUsers
May 12 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: input_userauth_request: invalid user ftp [preauth]
May 12 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=ftp
May 12 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Failed password for invalid user ftp from 185.93.89.118 port 6372 ssh2
May 12 14:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Connection closed by 185.93.89.118 port 6372 [preauth]
May 12 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user root
May 12 14:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.24.166  user=root
May 12 14:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Failed password for root from 156.251.24.166 port 34078 ssh2
May 12 14:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Received disconnect from 156.251.24.166 port 34078:11: Bye Bye [preauth]
May 12 14:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Disconnected from 156.251.24.166 port 34078 [preauth]
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17071]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17072]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17069]: pam_unix(cron:session): session closed for user p13x
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: Successful su for rubyman by root
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: + ??? root:rubyman
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379327 of user rubyman.
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: pam_unix(su:session): session closed for user rubyman
May 12 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379327.
May 12 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14480]: pam_unix(cron:session): session closed for user root
May 12 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17070]: pam_unix(cron:session): session closed for user samftp
May 12 14:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for root from 218.92.0.179 port 18847 ssh2
May 12 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18847 ssh2]
May 12 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Received disconnect from 218.92.0.179 port 18847:11:  [preauth]
May 12 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Disconnected from 218.92.0.179 port 18847 [preauth]
May 12 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session closed for user root
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session closed for user root
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user p13x
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: Successful su for rubyman by root
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: + ??? root:rubyman
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379332 of user rubyman.
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: pam_unix(su:session): session closed for user rubyman
May 12 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379332.
May 12 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session closed for user root
May 12 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session closed for user root
May 12 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session closed for user samftp
May 12 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16643]: pam_unix(cron:session): session closed for user root
May 12 14:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session closed for user p13x
May 12 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18124]: Successful su for rubyman by root
May 12 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18124]: + ??? root:rubyman
May 12 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379336 of user rubyman.
May 12 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18124]: pam_unix(su:session): session closed for user rubyman
May 12 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379336.
May 12 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15295]: pam_unix(cron:session): session closed for user root
May 12 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user samftp
May 12 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17072]: pam_unix(cron:session): session closed for user root
May 12 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 14:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: Failed password for root from 80.94.95.125 port 8231 ssh2
May 12 14:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: Received disconnect from 80.94.95.125 port 8231:11: Bye [preauth]
May 12 14:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: Disconnected from 80.94.95.125 port 8231 [preauth]
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18473]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18470]: pam_unix(cron:session): session closed for user p13x
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18532]: Successful su for rubyman by root
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18532]: + ??? root:rubyman
May 12 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379340 of user rubyman.
May 12 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18532]: pam_unix(su:session): session closed for user rubyman
May 12 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379340.
May 12 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user root
May 12 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18471]: pam_unix(cron:session): session closed for user samftp
May 12 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session closed for user root
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18874]: pam_unix(cron:session): session closed for user p13x
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: Successful su for rubyman by root
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: + ??? root:rubyman
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379343 of user rubyman.
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: pam_unix(su:session): session closed for user rubyman
May 12 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379343.
May 12 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session closed for user root
May 12 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session closed for user samftp
May 12 14:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session closed for user root
May 12 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19282]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19281]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19279]: pam_unix(cron:session): session closed for user p13x
May 12 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19408]: Successful su for rubyman by root
May 12 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19408]: + ??? root:rubyman
May 12 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379347 of user rubyman.
May 12 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19408]: pam_unix(su:session): session closed for user rubyman
May 12 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379347.
May 12 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session closed for user root
May 12 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16642]: pam_unix(cron:session): session closed for user root
May 12 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session closed for user samftp
May 12 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18473]: pam_unix(cron:session): session closed for user root
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19804]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19806]: pam_unix(cron:session): session closed for user root
May 12 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session closed for user p13x
May 12 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19871]: Successful su for rubyman by root
May 12 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19871]: + ??? root:rubyman
May 12 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379352 of user rubyman.
May 12 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19871]: pam_unix(su:session): session closed for user rubyman
May 12 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379352.
May 12 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19803]: pam_unix(cron:session): session closed for user root
May 12 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17071]: pam_unix(cron:session): session closed for user root
May 12 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session closed for user samftp
May 12 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session closed for user root
May 12 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20241]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20238]: pam_unix(cron:session): session closed for user p13x
May 12 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: Successful su for rubyman by root
May 12 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: + ??? root:rubyman
May 12 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379360 of user rubyman.
May 12 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: pam_unix(su:session): session closed for user rubyman
May 12 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379360.
May 12 14:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May 12 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session closed for user root
May 12 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for root from 218.92.0.218 port 37490 ssh2
May 12 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20239]: pam_unix(cron:session): session closed for user samftp
May 12 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May 12 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for root from 218.92.0.218 port 37490 ssh2
May 12 14:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for root from 218.92.0.222 port 33580 ssh2
May 12 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for root from 218.92.0.218 port 37490 ssh2
May 12 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Received disconnect from 218.92.0.218 port 37490:11:  [preauth]
May 12 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Disconnected from 218.92.0.218 port 37490 [preauth]
May 12 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May 12 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for root from 218.92.0.222 port 33580 ssh2
May 12 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for root from 218.92.0.222 port 33580 ssh2
May 12 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Received disconnect from 218.92.0.222 port 33580:11:  [preauth]
May 12 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Disconnected from 218.92.0.222 port 33580 [preauth]
May 12 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May 12 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May 12 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Failed password for root from 218.92.0.222 port 48252 ssh2
May 12 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 48252 ssh2]
May 12 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Received disconnect from 218.92.0.222 port 48252:11:  [preauth]
May 12 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Disconnected from 218.92.0.222 port 48252 [preauth]
May 12 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May 12 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May 12 14:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Failed password for root from 218.92.0.222 port 34706 ssh2
May 12 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 34706 ssh2]
May 12 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Received disconnect from 218.92.0.222 port 34706:11:  [preauth]
May 12 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Disconnected from 218.92.0.222 port 34706 [preauth]
May 12 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May 12 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19282]: pam_unix(cron:session): session closed for user root
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20660]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session closed for user p13x
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20721]: Successful su for rubyman by root
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20721]: + ??? root:rubyman
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379363 of user rubyman.
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20721]: pam_unix(su:session): session closed for user rubyman
May 12 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379363.
May 12 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user root
May 12 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session closed for user samftp
May 12 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19805]: pam_unix(cron:session): session closed for user root
May 12 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21064]: pam_unix(cron:session): session closed for user p13x
May 12 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21136]: Successful su for rubyman by root
May 12 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21136]: + ??? root:rubyman
May 12 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379368 of user rubyman.
May 12 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21136]: pam_unix(su:session): session closed for user rubyman
May 12 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379368.
May 12 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18472]: pam_unix(cron:session): session closed for user root
May 12 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21065]: pam_unix(cron:session): session closed for user samftp
May 12 14:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20241]: pam_unix(cron:session): session closed for user root
May 12 14:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May 12 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session closed for user p13x
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Failed password for root from 218.92.0.226 port 51950 ssh2
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21597]: Successful su for rubyman by root
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21597]: + ??? root:rubyman
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379372 of user rubyman.
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21597]: pam_unix(su:session): session closed for user rubyman
May 12 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379372.
May 12 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session closed for user root
May 12 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Failed password for root from 218.92.0.226 port 51950 ssh2
May 12 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Failed password for root from 218.92.0.226 port 51950 ssh2
May 12 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Received disconnect from 218.92.0.226 port 51950:11:  [preauth]
May 12 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Disconnected from 218.92.0.226 port 51950 [preauth]
May 12 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May 12 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session closed for user samftp
May 12 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20660]: pam_unix(cron:session): session closed for user root
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22281]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22281]: pam_unix(cron:session): session closed for user root
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22273]: pam_unix(cron:session): session closed for user p13x
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22353]: Successful su for rubyman by root
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22353]: + ??? root:rubyman
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379379 of user rubyman.
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22353]: pam_unix(su:session): session closed for user rubyman
May 12 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379379.
May 12 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session closed for user root
May 12 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19281]: pam_unix(cron:session): session closed for user root
May 12 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session closed for user samftp
May 12 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21067]: pam_unix(cron:session): session closed for user root
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22772]: pam_unix(cron:session): session closed for user p13x
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22855]: Successful su for rubyman by root
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22855]: + ??? root:rubyman
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379381 of user rubyman.
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22855]: pam_unix(su:session): session closed for user rubyman
May 12 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379381.
May 12 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19804]: pam_unix(cron:session): session closed for user root
May 12 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22773]: pam_unix(cron:session): session closed for user samftp
May 12 14:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session closed for user root
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session closed for user root
May 12 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23241]: pam_unix(cron:session): session closed for user p13x
May 12 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: Successful su for rubyman by root
May 12 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: + ??? root:rubyman
May 12 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379386 of user rubyman.
May 12 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: pam_unix(su:session): session closed for user rubyman
May 12 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379386.
May 12 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20240]: pam_unix(cron:session): session closed for user root
May 12 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23242]: pam_unix(cron:session): session closed for user samftp
May 12 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session closed for user root
May 12 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23744]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23743]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session closed for user p13x
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: Successful su for rubyman by root
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: + ??? root:rubyman
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379390 of user rubyman.
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: pam_unix(su:session): session closed for user rubyman
May 12 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379390.
May 12 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session closed for user root
May 12 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23742]: pam_unix(cron:session): session closed for user samftp
May 12 14:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session closed for user root
May 12 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24273]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24271]: pam_unix(cron:session): session closed for user p13x
May 12 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24342]: Successful su for rubyman by root
May 12 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24342]: + ??? root:rubyman
May 12 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379395 of user rubyman.
May 12 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24342]: pam_unix(su:session): session closed for user rubyman
May 12 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379395.
May 12 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21066]: pam_unix(cron:session): session closed for user root
May 12 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session closed for user samftp
May 12 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: Failed password for root from 218.92.0.179 port 18927 ssh2
May 12 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18927 ssh2]
May 12 14:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: Received disconnect from 218.92.0.179 port 18927:11:  [preauth]
May 12 14:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: Disconnected from 218.92.0.179 port 18927 [preauth]
May 12 14:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session closed for user root
May 12 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24715]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24718]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24718]: pam_unix(cron:session): session closed for user root
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session closed for user p13x
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24778]: Successful su for rubyman by root
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24778]: + ??? root:rubyman
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379397 of user rubyman.
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24778]: pam_unix(su:session): session closed for user rubyman
May 12 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379397.
May 12 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24715]: pam_unix(cron:session): session closed for user root
May 12 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session closed for user root
May 12 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session closed for user samftp
May 12 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for root from 80.94.95.125 port 47445 ssh2
May 12 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Received disconnect from 80.94.95.125 port 47445:11: Bye [preauth]
May 12 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Disconnected from 80.94.95.125 port 47445 [preauth]
May 12 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23744]: pam_unix(cron:session): session closed for user root
May 12 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25154]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25155]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25152]: pam_unix(cron:session): session closed for user p13x
May 12 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: Successful su for rubyman by root
May 12 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: + ??? root:rubyman
May 12 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379404 of user rubyman.
May 12 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: pam_unix(su:session): session closed for user rubyman
May 12 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379404.
May 12 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session closed for user root
May 12 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25153]: pam_unix(cron:session): session closed for user samftp
May 12 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session closed for user root
May 12 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25587]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session closed for user p13x
May 12 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: Successful su for rubyman by root
May 12 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: + ??? root:rubyman
May 12 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379407 of user rubyman.
May 12 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session closed for user rubyman
May 12 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379407.
May 12 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session closed for user root
May 12 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session closed for user samftp
May 12 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session closed for user root
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26073]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session closed for user p13x
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26133]: Successful su for rubyman by root
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26133]: + ??? root:rubyman
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379412 of user rubyman.
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26133]: pam_unix(su:session): session closed for user rubyman
May 12 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379412.
May 12 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session closed for user root
May 12 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session closed for user samftp
May 12 14:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May 12 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Failed password for root from 218.92.0.103 port 50976 ssh2
May 12 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: message repeated 2 times: [ Failed password for root from 218.92.0.103 port 50976 ssh2]
May 12 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Received disconnect from 218.92.0.103 port 50976:11:  [preauth]
May 12 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Disconnected from 218.92.0.103 port 50976 [preauth]
May 12 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May 12 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25155]: pam_unix(cron:session): session closed for user root
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session closed for user p13x
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26620]: Successful su for rubyman by root
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26620]: + ??? root:rubyman
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379416 of user rubyman.
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26620]: pam_unix(su:session): session closed for user rubyman
May 12 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379416.
May 12 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23743]: pam_unix(cron:session): session closed for user root
May 12 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session closed for user samftp
May 12 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25588]: pam_unix(cron:session): session closed for user root
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user root
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27052]: pam_unix(cron:session): session closed for user p13x
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: Successful su for rubyman by root
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: + ??? root:rubyman
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379423 of user rubyman.
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: pam_unix(su:session): session closed for user rubyman
May 12 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379423.
May 12 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24273]: pam_unix(cron:session): session closed for user root
May 12 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session closed for user root
May 12 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27053]: pam_unix(cron:session): session closed for user samftp
May 12 14:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: Failed password for root from 80.94.95.15 port 44255 ssh2
May 12 14:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: message repeated 4 times: [ Failed password for root from 80.94.95.15 port 44255 ssh2]
May 12 14:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: Received disconnect from 80.94.95.15 port 44255:11: Bye [preauth]
May 12 14:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: Disconnected from 80.94.95.15 port 44255 [preauth]
May 12 14:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 14:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26073]: pam_unix(cron:session): session closed for user root
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27621]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27618]: pam_unix(cron:session): session closed for user p13x
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: Successful su for rubyman by root
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: + ??? root:rubyman
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379427 of user rubyman.
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: pam_unix(su:session): session closed for user rubyman
May 12 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379427.
May 12 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session closed for user root
May 12 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27620]: pam_unix(cron:session): session closed for user samftp
May 12 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session closed for user root
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session closed for user p13x
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: Successful su for rubyman by root
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: + ??? root:rubyman
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379430 of user rubyman.
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: pam_unix(su:session): session closed for user rubyman
May 12 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379430.
May 12 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25154]: pam_unix(cron:session): session closed for user root
May 12 14:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session closed for user samftp
May 12 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Failed password for root from 218.92.0.179 port 37856 ssh2
May 12 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37856 ssh2]
May 12 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Received disconnect from 218.92.0.179 port 37856:11:  [preauth]
May 12 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Disconnected from 218.92.0.179 port 37856 [preauth]
May 12 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user root
May 12 14:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28495]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28496]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28493]: pam_unix(cron:session): session closed for user p13x
May 12 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: Successful su for rubyman by root
May 12 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: + ??? root:rubyman
May 12 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379435 of user rubyman.
May 12 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: pam_unix(su:session): session closed for user rubyman
May 12 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379435.
May 12 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25587]: pam_unix(cron:session): session closed for user root
May 12 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28494]: pam_unix(cron:session): session closed for user samftp
May 12 14:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May 12 14:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Failed password for root from 218.92.0.237 port 61364 ssh2
May 12 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 61364 ssh2]
May 12 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Received disconnect from 218.92.0.237 port 61364:11:  [preauth]
May 12 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Disconnected from 218.92.0.237 port 61364 [preauth]
May 12 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May 12 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session closed for user root
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28896]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session closed for user p13x
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28957]: Successful su for rubyman by root
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28957]: + ??? root:rubyman
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379438 of user rubyman.
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28957]: pam_unix(su:session): session closed for user rubyman
May 12 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379438.
May 12 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session closed for user root
May 12 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session closed for user samftp
May 12 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Failed password for root from 218.92.0.198 port 49410 ssh2
May 12 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 49410 ssh2]
May 12 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Received disconnect from 218.92.0.198 port 49410:11:  [preauth]
May 12 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Disconnected from 218.92.0.198 port 49410 [preauth]
May 12 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28067]: pam_unix(cron:session): session closed for user root
May 12 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 14:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Failed password for root from 218.92.0.198 port 52166 ssh2
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Failed password for root from 218.92.0.198 port 52166 ssh2
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29408]: pam_unix(cron:session): session closed for user root
May 12 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session closed for user p13x
May 12 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29474]: Successful su for rubyman by root
May 12 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29474]: + ??? root:rubyman
May 12 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379444 of user rubyman.
May 12 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29474]: pam_unix(su:session): session closed for user rubyman
May 12 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379444.
May 12 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Failed password for root from 218.92.0.198 port 52166 ssh2
May 12 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Received disconnect from 218.92.0.198 port 52166:11:  [preauth]
May 12 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Disconnected from 218.92.0.198 port 52166 [preauth]
May 12 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May 12 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user root
May 12 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session closed for user root
May 12 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session closed for user samftp
May 12 14:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28496]: pam_unix(cron:session): session closed for user root
May 12 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Invalid user abc1 from 193.32.162.157
May 12 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: input_userauth_request: invalid user abc1 [preauth]
May 12 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for invalid user abc1 from 193.32.162.157 port 19466 ssh2
May 12 14:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 193.32.162.157 port 19466 [preauth]
May 12 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Invalid user monerod from 193.32.162.157
May 12 14:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: input_userauth_request: invalid user monerod [preauth]
May 12 14:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for invalid user monerod from 193.32.162.157 port 9046 ssh2
May 12 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Connection closed by 193.32.162.157 port 9046 [preauth]
May 12 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29864]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user p13x
May 12 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: Successful su for rubyman by root
May 12 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: + ??? root:rubyman
May 12 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379447 of user rubyman.
May 12 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: pam_unix(su:session): session closed for user rubyman
May 12 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379447.
May 12 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user root
May 12 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session closed for user samftp
May 12 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Invalid user bbbb from 193.32.162.157
May 12 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: input_userauth_request: invalid user bbbb [preauth]
May 12 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user bbbb from 193.32.162.157 port 64602 ssh2
May 12 14:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Received disconnect from 218.92.0.198 port 41916:11:  [preauth]
May 12 14:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Disconnected from 218.92.0.198 port 41916 [preauth]
May 12 14:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Connection closed by 193.32.162.157 port 64602 [preauth]
May 12 14:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30160]: Failed password for root from 218.92.0.203 port 31122 ssh2
May 12 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Invalid user bitcoin from 193.32.162.157
May 12 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: input_userauth_request: invalid user bitcoin [preauth]
May 12 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28897]: pam_unix(cron:session): session closed for user root
May 12 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Failed password for invalid user bitcoin from 193.32.162.157 port 35382 ssh2
May 12 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Connection closed by 193.32.162.157 port 35382 [preauth]
May 12 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 14:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Failed password for root from 218.92.0.203 port 60808 ssh2
May 12 14:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: Invalid user bb from 193.32.162.157
May 12 14:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: input_userauth_request: invalid user bb [preauth]
May 12 14:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 14:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: Failed password for invalid user bb from 193.32.162.157 port 49358 ssh2
May 12 14:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: Connection closed by 193.32.162.157 port 49358 [preauth]
May 12 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user p13x
May 12 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: Successful su for rubyman by root
May 12 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: + ??? root:rubyman
May 12 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379451 of user rubyman.
May 12 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: pam_unix(su:session): session closed for user rubyman
May 12 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379451.
May 12 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27621]: pam_unix(cron:session): session closed for user root
May 12 14:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session closed for user samftp
May 12 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29407]: pam_unix(cron:session): session closed for user root
May 12 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30678]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30675]: pam_unix(cron:session): session closed for user p13x
May 12 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: Successful su for rubyman by root
May 12 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: + ??? root:rubyman
May 12 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379457 of user rubyman.
May 12 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session closed for user rubyman
May 12 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379457.
May 12 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session closed for user root
May 12 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session closed for user samftp
May 12 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: Invalid user admin from 80.94.95.125
May 12 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: input_userauth_request: invalid user admin [preauth]
May 12 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 14:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: Failed password for invalid user admin from 80.94.95.125 port 28850 ssh2
May 12 14:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: Received disconnect from 80.94.95.125 port 28850:11: Bye [preauth]
May 12 14:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31021]: Disconnected from 80.94.95.125 port 28850 [preauth]
May 12 14:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29864]: pam_unix(cron:session): session closed for user root
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31173]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session closed for user p13x
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31232]: Successful su for rubyman by root
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31232]: + ??? root:rubyman
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379460 of user rubyman.
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31232]: pam_unix(su:session): session closed for user rubyman
May 12 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379460.
May 12 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28495]: pam_unix(cron:session): session closed for user root
May 12 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session closed for user samftp
May 12 14:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: Did not receive identification string from 193.32.162.84
May 12 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user root
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session closed for user root
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session closed for user p13x
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31659]: Successful su for rubyman by root
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31659]: + ??? root:rubyman
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379467 of user rubyman.
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31659]: pam_unix(su:session): session closed for user rubyman
May 12 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379467.
May 12 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28896]: pam_unix(cron:session): session closed for user root
May 12 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session closed for user root
May 12 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session closed for user samftp
May 12 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Invalid user admin from 80.94.95.112
May 12 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: input_userauth_request: invalid user admin [preauth]
May 12 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for invalid user admin from 80.94.95.112 port 11751 ssh2
May 12 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30678]: pam_unix(cron:session): session closed for user root
May 12 14:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for invalid user admin from 80.94.95.112 port 11751 ssh2
May 12 14:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for invalid user admin from 80.94.95.112 port 11751 ssh2
May 12 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for invalid user admin from 80.94.95.112 port 11751 ssh2
May 12 14:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for invalid user admin from 80.94.95.112 port 11751 ssh2
May 12 14:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Received disconnect from 80.94.95.112 port 11751:11: Bye [preauth]
May 12 14:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Disconnected from 80.94.95.112 port 11751 [preauth]
May 12 14:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 14:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session closed for user p13x
May 12 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: Successful su for rubyman by root
May 12 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: + ??? root:rubyman
May 12 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379471 of user rubyman.
May 12 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: pam_unix(su:session): session closed for user rubyman
May 12 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379471.
May 12 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session closed for user root
May 12 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session closed for user samftp
May 12 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session closed for user root
May 12 14:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[427]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.120.29 port 57624
May 12 14:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[475]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[470]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[467]: pam_unix(cron:session): session closed for user p13x
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[549]: Successful su for rubyman by root
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[549]: + ??? root:rubyman
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379473 of user rubyman.
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[549]: pam_unix(su:session): session closed for user rubyman
May 12 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379473.
May 12 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session closed for user root
May 12 14:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[468]: pam_unix(cron:session): session closed for user samftp
May 12 14:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Did not receive identification string from 165.154.120.29
May 12 14:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[771]: Connection closed by 165.154.120.29 port 56818 [preauth]
May 12 14:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Protocol major versions differ for 165.154.120.29: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May 12 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session closed for user root
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session closed for user p13x
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: Successful su for rubyman by root
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: + ??? root:rubyman
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379480 of user rubyman.
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session closed for user rubyman
May 12 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379480.
May 12 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user root
May 12 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[934]: pam_unix(cron:session): session closed for user samftp
May 12 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session closed for user root
May 12 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session closed for user p13x
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1581]: Successful su for rubyman by root
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1581]: + ??? root:rubyman
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379483 of user rubyman.
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1581]: pam_unix(su:session): session closed for user rubyman
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379483.
May 12 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user root
May 12 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session closed for user root
May 12 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session closed for user samftp
May 12 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[475]: pam_unix(cron:session): session closed for user root
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2080]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2081]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2082]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2082]: pam_unix(cron:session): session closed for user root
May 12 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session closed for user p13x
May 12 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2148]: Successful su for rubyman by root
May 12 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2148]: + ??? root:rubyman
May 12 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379487 of user rubyman.
May 12 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2148]: pam_unix(su:session): session closed for user rubyman
May 12 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379487.
May 12 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session closed for user root
May 12 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31173]: pam_unix(cron:session): session closed for user root
May 12 14:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session closed for user samftp
May 12 14:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session closed for user root
May 12 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 14:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Failed password for root from 164.68.105.9 port 33346 ssh2
May 12 14:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Connection closed by 164.68.105.9 port 33346 [preauth]
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2541]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session closed for user p13x
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: Successful su for rubyman by root
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: + ??? root:rubyman
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379494 of user rubyman.
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: pam_unix(su:session): session closed for user rubyman
May 12 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379494.
May 12 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session closed for user root
May 12 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session closed for user samftp
May 12 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user root
May 12 14:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session closed for user p13x
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: Successful su for rubyman by root
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: + ??? root:rubyman
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379498 of user rubyman.
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: pam_unix(su:session): session closed for user rubyman
May 12 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379498.
May 12 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for root from 218.92.0.216 port 58836 ssh2
May 12 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for root from 218.92.0.216 port 58836 ssh2
May 12 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session closed for user root
May 12 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for root from 218.92.0.216 port 58836 ssh2
May 12 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Received disconnect from 218.92.0.216 port 58836:11:  [preauth]
May 12 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Disconnected from 218.92.0.216 port 58836 [preauth]
May 12 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May 12 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user samftp
May 12 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2081]: pam_unix(cron:session): session closed for user root
May 12 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session closed for user p13x
May 12 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: Successful su for rubyman by root
May 12 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: + ??? root:rubyman
May 12 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379500 of user rubyman.
May 12 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: pam_unix(su:session): session closed for user rubyman
May 12 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379500.
May 12 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[470]: pam_unix(cron:session): session closed for user root
May 12 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3406]: pam_unix(cron:session): session closed for user samftp
May 12 14:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session closed for user root
May 12 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 14:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: Failed password for root from 218.92.0.233 port 44290 ssh2
May 12 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 44290 ssh2]
May 12 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: Received disconnect from 218.92.0.233 port 44290:11:  [preauth]
May 12 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: Disconnected from 218.92.0.233 port 44290 [preauth]
May 12 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 14:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Failed password for root from 218.92.0.233 port 34140 ssh2
May 12 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 34140 ssh2]
May 12 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Received disconnect from 218.92.0.233 port 34140:11:  [preauth]
May 12 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Disconnected from 218.92.0.233 port 34140 [preauth]
May 12 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 14:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Failed password for root from 218.92.0.233 port 34174 ssh2
May 12 14:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 34174 ssh2]
May 12 14:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Received disconnect from 218.92.0.233 port 34174:11:  [preauth]
May 12 14:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Disconnected from 218.92.0.233 port 34174 [preauth]
May 12 14:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May 12 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user p13x
May 12 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: Successful su for rubyman by root
May 12 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: + ??? root:rubyman
May 12 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379505 of user rubyman.
May 12 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: pam_unix(su:session): session closed for user rubyman
May 12 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379505.
May 12 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session closed for user root
May 12 14:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session closed for user samftp
May 12 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user root
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session closed for user root
May 12 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session closed for user p13x
May 12 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: Successful su for rubyman by root
May 12 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: + ??? root:rubyman
May 12 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379511 of user rubyman.
May 12 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: pam_unix(su:session): session closed for user rubyman
May 12 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379511.
May 12 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user root
May 12 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user root
May 12 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session closed for user samftp
May 12 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 14:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: Failed password for root from 218.92.0.228 port 35504 ssh2
May 12 14:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 35504 ssh2]
May 12 14:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: Received disconnect from 218.92.0.228 port 35504:11:  [preauth]
May 12 14:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: Disconnected from 218.92.0.228 port 35504 [preauth]
May 12 14:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4714]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 14:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Failed password for root from 218.92.0.228 port 37148 ssh2
May 12 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 37148 ssh2]
May 12 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Received disconnect from 218.92.0.228 port 37148:11:  [preauth]
May 12 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Disconnected from 218.92.0.228 port 37148 [preauth]
May 12 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Failed password for root from 218.92.0.228 port 37156 ssh2
May 12 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 37156 ssh2]
May 12 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Received disconnect from 218.92.0.228 port 37156:11:  [preauth]
May 12 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Disconnected from 218.92.0.228 port 37156 [preauth]
May 12 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May 12 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3408]: pam_unix(cron:session): session closed for user root
May 12 14:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 14:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Failed password for root from 218.92.0.220 port 55720 ssh2
May 12 14:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 55720 ssh2]
May 12 14:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Received disconnect from 218.92.0.220 port 55720:11:  [preauth]
May 12 14:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Disconnected from 218.92.0.220 port 55720 [preauth]
May 12 14:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May 12 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4898]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4894]: pam_unix(cron:session): session closed for user p13x
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4898]: pam_unix(cron:session): session closed for user root
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: Successful su for rubyman by root
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: + ??? root:rubyman
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379516 of user rubyman.
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: pam_unix(su:session): session closed for user rubyman
May 12 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379516.
May 12 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2080]: pam_unix(cron:session): session closed for user root
May 12 14:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4896]: pam_unix(cron:session): session closed for user samftp
May 12 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: Failed password for root from 218.92.0.205 port 62978 ssh2
May 12 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: message repeated 4 times: [ Failed password for root from 218.92.0.205 port 62978 ssh2]
May 12 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 62978 ssh2 [preauth]
May 12 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: Disconnecting: Too many authentication failures [preauth]
May 12 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Invalid user admin from 80.94.95.125
May 12 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: input_userauth_request: invalid user admin [preauth]
May 12 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Failed password for invalid user admin from 80.94.95.125 port 13835 ssh2
May 12 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Received disconnect from 80.94.95.125 port 13835:11: Bye [preauth]
May 12 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Disconnected from 80.94.95.125 port 13835 [preauth]
May 12 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Failed password for root from 218.92.0.205 port 57628 ssh2
May 12 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user root
May 12 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Failed password for root from 218.92.0.205 port 57628 ssh2
May 12 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: message repeated 4 times: [ Failed password for root from 218.92.0.205 port 57628 ssh2]
May 12 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 57628 ssh2 [preauth]
May 12 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Disconnecting: Too many authentication failures [preauth]
May 12 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 14:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for root from 218.92.0.205 port 3872 ssh2
May 12 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Received disconnect from 218.92.0.205 port 3872:11:  [preauth]
May 12 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Disconnected from 218.92.0.205 port 3872 [preauth]
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5557]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5556]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5553]: pam_unix(cron:session): session closed for user p13x
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5649]: Successful su for rubyman by root
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5649]: + ??? root:rubyman
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379519 of user rubyman.
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5649]: pam_unix(su:session): session closed for user rubyman
May 12 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379519.
May 12 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2541]: pam_unix(cron:session): session closed for user root
May 12 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5554]: pam_unix(cron:session): session closed for user samftp
May 12 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session closed for user root
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session closed for user p13x
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: Successful su for rubyman by root
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: + ??? root:rubyman
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379523 of user rubyman.
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: pam_unix(su:session): session closed for user rubyman
May 12 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379523.
May 12 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user root
May 12 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session closed for user samftp
May 12 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Failed password for root from 45.6.188.43 port 49888 ssh2
May 12 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Connection closed by 45.6.188.43 port 49888 [preauth]
May 12 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4899]: pam_unix(cron:session): session closed for user root
May 12 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Invalid user ftp_inst from 185.93.89.118
May 12 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: input_userauth_request: invalid user ftp_inst [preauth]
May 12 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Failed password for invalid user ftp_inst from 185.93.89.118 port 58142 ssh2
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user p13x
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: Successful su for rubyman by root
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: + ??? root:rubyman
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379527 of user rubyman.
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: pam_unix(su:session): session closed for user rubyman
May 12 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379527.
May 12 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection closed by 185.93.89.118 port 58142 [preauth]
May 12 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session closed for user root
May 12 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user samftp
May 12 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: User ftp from 185.93.89.118 not allowed because not listed in AllowUsers
May 12 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: input_userauth_request: invalid user ftp [preauth]
May 12 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=ftp
May 12 14:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: Failed password for invalid user ftp from 185.93.89.118 port 1534 ssh2
May 12 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: Connection closed by 185.93.89.118 port 1534 [preauth]
May 12 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5557]: pam_unix(cron:session): session closed for user root
May 12 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: Invalid user ftpadmin from 185.93.89.118
May 12 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: input_userauth_request: invalid user ftpadmin [preauth]
May 12 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: Failed password for invalid user ftpadmin from 185.93.89.118 port 46840 ssh2
May 12 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6790]: Connection closed by 185.93.89.118 port 46840 [preauth]
May 12 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Invalid user ftpuser from 185.93.89.118
May 12 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: input_userauth_request: invalid user ftpuser [preauth]
May 12 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Failed password for invalid user ftpuser from 185.93.89.118 port 59856 ssh2
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session closed for user root
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6901]: pam_unix(cron:session): session closed for user p13x
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: Successful su for rubyman by root
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: + ??? root:rubyman
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379534 of user rubyman.
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: pam_unix(su:session): session closed for user rubyman
May 12 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379534.
May 12 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Connection closed by 185.93.89.118 port 59856 [preauth]
May 12 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6903]: pam_unix(cron:session): session closed for user root
May 12 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session closed for user root
May 12 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6902]: pam_unix(cron:session): session closed for user samftp
May 12 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: Invalid user ftptest from 185.93.89.118
May 12 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: input_userauth_request: invalid user ftptest [preauth]
May 12 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: pam_unix(sshd:auth): check pass; user unknown
May 12 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: Failed password for invalid user ftptest from 185.93.89.118 port 25872 ssh2
May 12 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: Connection closed by 185.93.89.118 port 25872 [preauth]
May 12 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session closed for user root
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session closed for user p13x
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7631]: Successful su for rubyman by root
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7631]: + ??? root:rubyman
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379537 of user rubyman.
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7631]: pam_unix(su:session): session closed for user rubyman
May 12 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379537.
May 12 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session closed for user root
May 12 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user samftp
May 12 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7999]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session closed for user p13x
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8055]: Successful su for rubyman by root
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8055]: + ??? root:rubyman
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379542 of user rubyman.
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8055]: pam_unix(su:session): session closed for user rubyman
May 12 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379542.
May 12 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4897]: pam_unix(cron:session): session closed for user root
May 12 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session closed for user samftp
May 12 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session closed for user root
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8419]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user p13x
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: Successful su for rubyman by root
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: + ??? root:rubyman
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379546 of user rubyman.
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: pam_unix(su:session): session closed for user rubyman
May 12 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379546.
May 12 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5556]: pam_unix(cron:session): session closed for user root
May 12 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user samftp
May 12 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session closed for user root
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user p13x
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8906]: Successful su for rubyman by root
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8906]: + ??? root:rubyman
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379549 of user rubyman.
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8906]: pam_unix(su:session): session closed for user rubyman
May 12 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379549.
May 12 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session closed for user root
May 12 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session closed for user samftp
May 12 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7999]: pam_unix(cron:session): session closed for user root
May 12 14:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 14:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for root from 218.92.0.231 port 45964 ssh2
May 12 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 45964 ssh2]
May 12 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Received disconnect from 218.92.0.231 port 45964:11:  [preauth]
May 12 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Disconnected from 218.92.0.231 port 45964 [preauth]
May 12 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9372]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session closed for user root
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9370]: pam_unix(cron:session): session closed for user p13x
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: Successful su for rubyman by root
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: + ??? root:rubyman
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379555 of user rubyman.
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: pam_unix(su:session): session closed for user rubyman
May 12 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379555.
May 12 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9372]: pam_unix(cron:session): session closed for user root
May 12 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
May 12 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9371]: pam_unix(cron:session): session closed for user samftp
May 12 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user root
May 12 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9809]: pam_unix(cron:session): session closed for user p13x
May 12 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: Successful su for rubyman by root
May 12 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: + ??? root:rubyman
May 12 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379560 of user rubyman.
May 12 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: pam_unix(su:session): session closed for user rubyman
May 12 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379560.
May 12 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session closed for user root
May 12 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session closed for user samftp
May 12 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session closed for user root
May 12 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10230]: pam_unix(cron:session): session closed for user p13x
May 12 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: Successful su for rubyman by root
May 12 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: + ??? root:rubyman
May 12 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379563 of user rubyman.
May 12 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: pam_unix(su:session): session closed for user rubyman
May 12 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379563.
May 12 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session closed for user root
May 12 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10231]: pam_unix(cron:session): session closed for user samftp
May 12 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session closed for user root
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session closed for user p13x
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: Successful su for rubyman by root
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: + ??? root:rubyman
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379568 of user rubyman.
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: pam_unix(su:session): session closed for user rubyman
May 12 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379568.
May 12 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session closed for user root
May 12 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session closed for user samftp
May 12 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Failed password for root from 218.92.0.179 port 27604 ssh2
May 12 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 27604 ssh2]
May 12 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Received disconnect from 218.92.0.179 port 27604:11:  [preauth]
May 12 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Disconnected from 218.92.0.179 port 27604 [preauth]
May 12 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session closed for user root
May 12 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11178]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session closed for user p13x
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11238]: Successful su for rubyman by root
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11238]: + ??? root:rubyman
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379571 of user rubyman.
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11238]: pam_unix(su:session): session closed for user rubyman
May 12 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379571.
May 12 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8419]: pam_unix(cron:session): session closed for user root
May 12 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session closed for user samftp
May 12 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session closed for user root
May 12 14:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 14:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Failed password for root from 80.94.95.125 port 44137 ssh2
May 12 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Received disconnect from 80.94.95.125 port 44137:11: Bye [preauth]
May 12 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Disconnected from 80.94.95.125 port 44137 [preauth]
May 12 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: Failed password for root from 218.92.0.236 port 23654 ssh2
May 12 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 23654 ssh2]
May 12 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: Received disconnect from 218.92.0.236 port 23654:11:  [preauth]
May 12 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: Disconnected from 218.92.0.236 port 23654 [preauth]
May 12 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May 12 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user root
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11588]: pam_unix(cron:session): session closed for user root
May 12 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session closed for user p13x
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Failed password for root from 218.92.0.229 port 36738 ssh2
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Invalid user va from 176.205.243.106
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: input_userauth_request: invalid user va [preauth]
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11677]: Successful su for rubyman by root
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11677]: + ??? root:rubyman
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379575 of user rubyman.
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11677]: pam_unix(su:session): session closed for user rubyman
May 12 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379575.
May 12 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Failed password for root from 218.92.0.229 port 36738 ssh2
May 12 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Failed password for invalid user va from 176.205.243.106 port 52956 ssh2
May 12 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Received disconnect from 176.205.243.106 port 52956:11: Bye Bye [preauth]
May 12 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Disconnected from 176.205.243.106 port 52956 [preauth]
May 12 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session closed for user root
May 12 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session closed for user root
May 12 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Failed password for root from 218.92.0.229 port 36738 ssh2
May 12 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Received disconnect from 218.92.0.229 port 36738:11:  [preauth]
May 12 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Disconnected from 218.92.0.229 port 36738 [preauth]
May 12 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11586]: pam_unix(cron:session): session closed for user samftp
May 12 15:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 15:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Failed password for root from 218.92.0.229 port 49690 ssh2
May 12 15:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 49690 ssh2]
May 12 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session closed for user root
May 12 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Received disconnect from 218.92.0.229 port 49690:11:  [preauth]
May 12 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Disconnected from 218.92.0.229 port 49690 [preauth]
May 12 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May 12 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session closed for user p13x
May 12 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12138]: Successful su for rubyman by root
May 12 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12138]: + ??? root:rubyman
May 12 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379583 of user rubyman.
May 12 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12138]: pam_unix(su:session): session closed for user rubyman
May 12 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379583.
May 12 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session closed for user root
May 12 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12071]: pam_unix(cron:session): session closed for user samftp
May 12 15:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 15:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Failed password for root from 218.92.0.232 port 39678 ssh2
May 12 15:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: message repeated 2 times: [ Failed password for root from 218.92.0.232 port 39678 ssh2]
May 12 15:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Received disconnect from 218.92.0.232 port 39678:11:  [preauth]
May 12 15:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Disconnected from 218.92.0.232 port 39678 [preauth]
May 12 15:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 15:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May 12 15:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: Failed password for root from 218.92.0.208 port 53288 ssh2
May 12 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for root from 218.92.0.232 port 34362 ssh2
May 12 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for root from 218.92.0.232 port 34362 ssh2
May 12 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11178]: pam_unix(cron:session): session closed for user root
May 12 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for root from 218.92.0.232 port 34362 ssh2
May 12 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Received disconnect from 218.92.0.232 port 34362:11:  [preauth]
May 12 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Disconnected from 218.92.0.232 port 34362 [preauth]
May 12 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 15:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Failed password for root from 218.92.0.232 port 34366 ssh2
May 12 15:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: Did not receive identification string from 112.30.7.45
May 12 15:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Failed password for root from 218.92.0.232 port 34366 ssh2
May 12 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Invalid user Admin from 182.135.66.179
May 12 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: input_userauth_request: invalid user Admin [preauth]
May 12 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.135.66.179
May 12 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Failed password for root from 218.92.0.232 port 34366 ssh2
May 12 15:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Received disconnect from 218.92.0.232 port 34366:11:  [preauth]
May 12 15:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Disconnected from 218.92.0.232 port 34366 [preauth]
May 12 15:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May 12 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Failed password for invalid user Admin from 182.135.66.179 port 55424 ssh2
May 12 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Connection closed by 182.135.66.179 port 55424 [preauth]
May 12 15:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session closed for user p13x
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: Successful su for rubyman by root
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: + ??? root:rubyman
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379588 of user rubyman.
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: pam_unix(su:session): session closed for user rubyman
May 12 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379588.
May 12 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session closed for user root
May 12 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session closed for user samftp
May 12 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8  user=root
May 12 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Failed password for root from 197.5.145.8 port 40175 ssh2
May 12 15:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Received disconnect from 197.5.145.8 port 40175:11: Bye Bye [preauth]
May 12 15:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Disconnected from 197.5.145.8 port 40175 [preauth]
May 12 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session closed for user root
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12882]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session closed for user p13x
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12938]: Successful su for rubyman by root
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12938]: + ??? root:rubyman
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379590 of user rubyman.
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12938]: pam_unix(su:session): session closed for user rubyman
May 12 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379590.
May 12 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session closed for user root
May 12 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session closed for user samftp
May 12 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session closed for user root
May 12 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13286]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13287]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13284]: pam_unix(cron:session): session closed for user p13x
May 12 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: Successful su for rubyman by root
May 12 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: + ??? root:rubyman
May 12 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379594 of user rubyman.
May 12 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: pam_unix(su:session): session closed for user rubyman
May 12 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379594.
May 12 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user root
May 12 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13285]: pam_unix(cron:session): session closed for user samftp
May 12 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Invalid user  from 139.59.91.8
May 12 15:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: input_userauth_request: invalid user  [preauth]
May 12 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Connection closed by 139.59.91.8 port 35618 [preauth]
May 12 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session closed for user root
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13795]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user root
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session closed for user p13x
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13858]: Successful su for rubyman by root
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13858]: + ??? root:rubyman
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379603 of user rubyman.
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13858]: pam_unix(su:session): session closed for user rubyman
May 12 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379603.
May 12 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session closed for user root
May 12 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session closed for user root
May 12 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session closed for user samftp
May 12 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session closed for user root
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session closed for user p13x
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: Successful su for rubyman by root
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: + ??? root:rubyman
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379605 of user rubyman.
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: pam_unix(su:session): session closed for user rubyman
May 12 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379605.
May 12 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session closed for user root
May 12 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session closed for user samftp
May 12 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13287]: pam_unix(cron:session): session closed for user root
May 12 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session closed for user p13x
May 12 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: Successful su for rubyman by root
May 12 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: + ??? root:rubyman
May 12 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379608 of user rubyman.
May 12 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: pam_unix(su:session): session closed for user rubyman
May 12 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379608.
May 12 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session closed for user root
May 12 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session closed for user samftp
May 12 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Failed password for root from 218.92.0.217 port 59210 ssh2
May 12 15:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 59210 ssh2]
May 12 15:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Received disconnect from 218.92.0.217 port 59210:11:  [preauth]
May 12 15:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Disconnected from 218.92.0.217 port 59210 [preauth]
May 12 15:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May 12 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session closed for user root
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session closed for user p13x
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15114]: Successful su for rubyman by root
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15114]: + ??? root:rubyman
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379614 of user rubyman.
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15114]: pam_unix(su:session): session closed for user rubyman
May 12 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379614.
May 12 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user root
May 12 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session closed for user samftp
May 12 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Invalid user admin from 80.94.95.112
May 12 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: input_userauth_request: invalid user admin [preauth]
May 12 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user admin from 80.94.95.112 port 16285 ssh2
May 12 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user admin from 80.94.95.112 port 16285 ssh2
May 12 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session closed for user root
May 12 15:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user admin from 80.94.95.112 port 16285 ssh2
May 12 15:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user admin from 80.94.95.112 port 16285 ssh2
May 12 15:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user admin from 80.94.95.112 port 16285 ssh2
May 12 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Received disconnect from 80.94.95.112 port 16285:11: Bye [preauth]
May 12 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Disconnected from 80.94.95.112 port 16285 [preauth]
May 12 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Invalid user oracle from 176.205.243.106
May 12 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: input_userauth_request: invalid user oracle [preauth]
May 12 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Failed password for invalid user oracle from 176.205.243.106 port 60416 ssh2
May 12 15:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Received disconnect from 176.205.243.106 port 60416:11: Bye Bye [preauth]
May 12 15:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Disconnected from 176.205.243.106 port 60416 [preauth]
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15449]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session closed for user p13x
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15568]: Successful su for rubyman by root
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15568]: + ??? root:rubyman
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379616 of user rubyman.
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15568]: pam_unix(su:session): session closed for user rubyman
May 12 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379616.
May 12 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session closed for user root
May 12 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12882]: pam_unix(cron:session): session closed for user root
May 12 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8  user=root
May 12 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session closed for user samftp
May 12 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Failed password for root from 197.5.145.8 port 40176 ssh2
May 12 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Received disconnect from 197.5.145.8 port 40176:11: Bye Bye [preauth]
May 12 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Disconnected from 197.5.145.8 port 40176 [preauth]
May 12 15:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session closed for user root
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session closed for user root
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session closed for user p13x
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16003]: Successful su for rubyman by root
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16003]: + ??? root:rubyman
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379625 of user rubyman.
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16003]: pam_unix(su:session): session closed for user rubyman
May 12 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379625.
May 12 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session closed for user root
May 12 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13286]: pam_unix(cron:session): session closed for user root
May 12 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session closed for user samftp
May 12 15:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Failed password for root from 218.92.0.179 port 23942 ssh2
May 12 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23942 ssh2]
May 12 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Received disconnect from 218.92.0.179 port 23942:11:  [preauth]
May 12 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Disconnected from 218.92.0.179 port 23942 [preauth]
May 12 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user root
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session closed for user p13x
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: Successful su for rubyman by root
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: + ??? root:rubyman
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379629 of user rubyman.
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: pam_unix(su:session): session closed for user rubyman
May 12 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379629.
May 12 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13795]: pam_unix(cron:session): session closed for user root
May 12 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session closed for user samftp
May 12 15:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Invalid user webtest from 50.235.31.47
May 12 15:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: input_userauth_request: invalid user webtest [preauth]
May 12 15:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 15:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Failed password for invalid user webtest from 50.235.31.47 port 45060 ssh2
May 12 15:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Connection closed by 50.235.31.47 port 45060 [preauth]
May 12 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15449]: pam_unix(cron:session): session closed for user root
May 12 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user p13x
May 12 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: Successful su for rubyman by root
May 12 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: + ??? root:rubyman
May 12 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379632 of user rubyman.
May 12 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: pam_unix(su:session): session closed for user rubyman
May 12 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379632.
May 12 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session closed for user root
May 12 15:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session closed for user samftp
May 12 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session closed for user root
May 12 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Invalid user admin from 80.94.95.125
May 12 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: input_userauth_request: invalid user admin [preauth]
May 12 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Failed password for invalid user admin from 80.94.95.125 port 17528 ssh2
May 12 15:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Received disconnect from 80.94.95.125 port 17528:11: Bye [preauth]
May 12 15:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Disconnected from 80.94.95.125 port 17528 [preauth]
May 12 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session closed for user p13x
May 12 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17309]: Successful su for rubyman by root
May 12 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17309]: + ??? root:rubyman
May 12 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379636 of user rubyman.
May 12 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17309]: pam_unix(su:session): session closed for user rubyman
May 12 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379636.
May 12 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session closed for user root
May 12 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session closed for user samftp
May 12 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user root
May 12 15:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Invalid user newuser from 197.5.145.8
May 12 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: input_userauth_request: invalid user newuser [preauth]
May 12 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Failed password for invalid user newuser from 197.5.145.8 port 40177 ssh2
May 12 15:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Received disconnect from 197.5.145.8 port 40177:11: Bye Bye [preauth]
May 12 15:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Disconnected from 197.5.145.8 port 40177 [preauth]
May 12 15:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session closed for user p13x
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17725]: Successful su for rubyman by root
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17725]: + ??? root:rubyman
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379639 of user rubyman.
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17725]: pam_unix(su:session): session closed for user rubyman
May 12 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379639.
May 12 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user root
May 12 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17663]: pam_unix(cron:session): session closed for user samftp
May 12 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Invalid user ads1 from 176.205.243.106
May 12 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: input_userauth_request: invalid user ads1 [preauth]
May 12 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Failed password for invalid user ads1 from 176.205.243.106 port 48428 ssh2
May 12 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Received disconnect from 176.205.243.106 port 48428:11: Bye Bye [preauth]
May 12 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Disconnected from 176.205.243.106 port 48428 [preauth]
May 12 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Invalid user kubeadmin from 193.32.162.157
May 12 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: input_userauth_request: invalid user kubeadmin [preauth]
May 12 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Failed password for invalid user kubeadmin from 193.32.162.157 port 10088 ssh2
May 12 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Connection closed by 193.32.162.157 port 10088 [preauth]
May 12 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session closed for user root
May 12 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Invalid user aaa from 193.32.162.157
May 12 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: input_userauth_request: invalid user aaa [preauth]
May 12 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Failed password for invalid user aaa from 193.32.162.157 port 43338 ssh2
May 12 15:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Connection closed by 193.32.162.157 port 43338 [preauth]
May 12 15:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Invalid user kubeadmin from 193.32.162.157
May 12 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: input_userauth_request: invalid user kubeadmin [preauth]
May 12 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for invalid user kubeadmin from 193.32.162.157 port 44188 ssh2
May 12 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Connection closed by 193.32.162.157 port 44188 [preauth]
May 12 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18194]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18194]: pam_unix(cron:session): session closed for user root
May 12 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18189]: pam_unix(cron:session): session closed for user p13x
May 12 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: Successful su for rubyman by root
May 12 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: + ??? root:rubyman
May 12 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379645 of user rubyman.
May 12 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: pam_unix(su:session): session closed for user rubyman
May 12 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379645.
May 12 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session closed for user root
May 12 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session closed for user root
May 12 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session closed for user samftp
May 12 15:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Invalid user 1234567890 from 193.32.162.157
May 12 15:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: input_userauth_request: invalid user 1234567890 [preauth]
May 12 15:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user 1234567890 from 193.32.162.157 port 39374 ssh2
May 12 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Connection closed by 193.32.162.157 port 39374 [preauth]
May 12 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: Invalid user adm from 193.32.162.157
May 12 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: input_userauth_request: invalid user adm [preauth]
May 12 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session closed for user root
May 12 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: Failed password for invalid user adm from 193.32.162.157 port 6032 ssh2
May 12 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18513]: Connection closed by 193.32.162.157 port 6032 [preauth]
May 12 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session closed for user p13x
May 12 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: Successful su for rubyman by root
May 12 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: + ??? root:rubyman
May 12 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379650 of user rubyman.
May 12 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: pam_unix(su:session): session closed for user rubyman
May 12 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379650.
May 12 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session closed for user root
May 12 15:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18629]: pam_unix(cron:session): session closed for user samftp
May 12 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17665]: pam_unix(cron:session): session closed for user root
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19045]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session closed for user root
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session closed for user p13x
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: Successful su for rubyman by root
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: + ??? root:rubyman
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379654 of user rubyman.
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: pam_unix(su:session): session closed for user rubyman
May 12 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379654.
May 12 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session closed for user root
May 12 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session closed for user samftp
May 12 15:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 15:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Failed password for root from 218.92.0.201 port 31590 ssh2
May 12 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 31590 ssh2]
May 12 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 31590 ssh2 [preauth]
May 12 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Disconnecting: Too many authentication failures [preauth]
May 12 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session closed for user root
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19460]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session closed for user p13x
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19526]: Successful su for rubyman by root
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19526]: + ??? root:rubyman
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379659 of user rubyman.
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19526]: pam_unix(su:session): session closed for user rubyman
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379659.
May 12 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user root
May 12 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session closed for user samftp
May 12 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.91.8  user=root
May 12 15:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: Failed password for root from 139.59.91.8 port 57754 ssh2
May 12 15:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: Connection closed by 139.59.91.8 port 57754 [preauth]
May 12 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Invalid user infoserve from 197.5.145.8
May 12 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: input_userauth_request: invalid user infoserve [preauth]
May 12 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Failed password for invalid user infoserve from 197.5.145.8 port 40178 ssh2
May 12 15:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Received disconnect from 197.5.145.8 port 40178:11: Bye Bye [preauth]
May 12 15:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Disconnected from 197.5.145.8 port 40178 [preauth]
May 12 15:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session closed for user root
May 12 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: Did not receive identification string from 139.59.91.8
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19886]: pam_unix(cron:session): session closed for user p13x
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: Successful su for rubyman by root
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: + ??? root:rubyman
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379663 of user rubyman.
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session closed for user rubyman
May 12 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379663.
May 12 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session closed for user root
May 12 15:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19888]: pam_unix(cron:session): session closed for user samftp
May 12 15:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Invalid user postgres from 176.205.243.106
May 12 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: input_userauth_request: invalid user postgres [preauth]
May 12 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Failed password for invalid user postgres from 176.205.243.106 port 46468 ssh2
May 12 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Received disconnect from 176.205.243.106 port 46468:11: Bye Bye [preauth]
May 12 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Disconnected from 176.205.243.106 port 46468 [preauth]
May 12 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19045]: pam_unix(cron:session): session closed for user root
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session closed for user root
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user p13x
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: Successful su for rubyman by root
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: + ??? root:rubyman
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379668 of user rubyman.
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: pam_unix(su:session): session closed for user rubyman
May 12 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379668.
May 12 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session closed for user root
May 12 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user root
May 12 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user samftp
May 12 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: Invalid user benny from 164.68.105.9
May 12 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: input_userauth_request: invalid user benny [preauth]
May 12 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: Failed password for invalid user benny from 164.68.105.9 port 53514 ssh2
May 12 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: Connection closed by 164.68.105.9 port 53514 [preauth]
May 12 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19460]: pam_unix(cron:session): session closed for user root
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session closed for user p13x
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: Successful su for rubyman by root
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: + ??? root:rubyman
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379673 of user rubyman.
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: pam_unix(su:session): session closed for user rubyman
May 12 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379673.
May 12 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18192]: pam_unix(cron:session): session closed for user root
May 12 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session closed for user samftp
May 12 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session closed for user root
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session closed for user p13x
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: Successful su for rubyman by root
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: + ??? root:rubyman
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379679 of user rubyman.
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: pam_unix(su:session): session closed for user rubyman
May 12 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379679.
May 12 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session closed for user root
May 12 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session closed for user samftp
May 12 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session closed for user root
May 12 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Invalid user maintain from 197.5.145.8
May 12 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: input_userauth_request: invalid user maintain [preauth]
May 12 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Failed password for invalid user maintain from 197.5.145.8 port 40179 ssh2
May 12 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Received disconnect from 197.5.145.8 port 40179:11: Bye Bye [preauth]
May 12 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Disconnected from 197.5.145.8 port 40179 [preauth]
May 12 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session closed for user p13x
May 12 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: Successful su for rubyman by root
May 12 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: + ??? root:rubyman
May 12 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379680 of user rubyman.
May 12 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: pam_unix(su:session): session closed for user rubyman
May 12 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379680.
May 12 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session closed for user root
May 12 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user samftp
May 12 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user root
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22361]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session closed for user p13x
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22444]: Successful su for rubyman by root
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22444]: + ??? root:rubyman
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379686 of user rubyman.
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22444]: pam_unix(su:session): session closed for user rubyman
May 12 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379686.
May 12 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user root
May 12 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session closed for user samftp
May 12 15:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: Failed password for root from 218.92.0.179 port 40134 ssh2
May 12 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40134 ssh2]
May 12 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: Received disconnect from 218.92.0.179 port 40134:11:  [preauth]
May 12 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: Disconnected from 218.92.0.179 port 40134 [preauth]
May 12 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Invalid user admin from 176.205.243.106
May 12 15:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: input_userauth_request: invalid user admin [preauth]
May 12 15:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session closed for user root
May 12 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Failed password for invalid user admin from 176.205.243.106 port 53856 ssh2
May 12 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Received disconnect from 176.205.243.106 port 53856:11: Bye Bye [preauth]
May 12 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Disconnected from 176.205.243.106 port 53856 [preauth]
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session closed for user root
May 12 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22829]: pam_unix(cron:session): session closed for user p13x
May 12 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22909]: Successful su for rubyman by root
May 12 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22909]: + ??? root:rubyman
May 12 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379692 of user rubyman.
May 12 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22909]: pam_unix(su:session): session closed for user rubyman
May 12 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379692.
May 12 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session closed for user root
May 12 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22831]: pam_unix(cron:session): session closed for user root
May 12 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22830]: pam_unix(cron:session): session closed for user samftp
May 12 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session closed for user root
May 12 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Invalid user ubnt from 80.94.95.125
May 12 15:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: input_userauth_request: invalid user ubnt [preauth]
May 12 15:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Failed password for invalid user ubnt from 80.94.95.125 port 19158 ssh2
May 12 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Received disconnect from 80.94.95.125 port 19158:11: Bye [preauth]
May 12 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Disconnected from 80.94.95.125 port 19158 [preauth]
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session closed for user p13x
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: Successful su for rubyman by root
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: + ??? root:rubyman
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379694 of user rubyman.
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: pam_unix(su:session): session closed for user rubyman
May 12 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379694.
May 12 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user root
May 12 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session closed for user samftp
May 12 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22361]: pam_unix(cron:session): session closed for user root
May 12 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23920]: pam_unix(cron:session): session closed for user p13x
May 12 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24000]: Successful su for rubyman by root
May 12 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24000]: + ??? root:rubyman
May 12 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379699 of user rubyman.
May 12 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24000]: pam_unix(su:session): session closed for user rubyman
May 12 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379699.
May 12 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session closed for user root
May 12 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session closed for user samftp
May 12 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Invalid user postgres from 197.5.145.8
May 12 15:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: input_userauth_request: invalid user postgres [preauth]
May 12 15:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Failed password for invalid user postgres from 197.5.145.8 port 40180 ssh2
May 12 15:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Received disconnect from 197.5.145.8 port 40180:11: Bye Bye [preauth]
May 12 15:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Disconnected from 197.5.145.8 port 40180 [preauth]
May 12 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session closed for user root
May 12 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session closed for user p13x
May 12 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: Successful su for rubyman by root
May 12 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: + ??? root:rubyman
May 12 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379702 of user rubyman.
May 12 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: pam_unix(su:session): session closed for user rubyman
May 12 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379702.
May 12 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session closed for user root
May 12 15:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session closed for user samftp
May 12 15:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Failed password for root from 218.92.0.179 port 43792 ssh2
May 12 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 43792 ssh2]
May 12 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Received disconnect from 218.92.0.179 port 43792:11:  [preauth]
May 12 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Disconnected from 218.92.0.179 port 43792 [preauth]
May 12 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session closed for user root
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session closed for user p13x
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24846]: Successful su for rubyman by root
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24846]: + ??? root:rubyman
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379707 of user rubyman.
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24846]: pam_unix(su:session): session closed for user rubyman
May 12 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379707.
May 12 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session closed for user root
May 12 15:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session closed for user samftp
May 12 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23923]: pam_unix(cron:session): session closed for user root
May 12 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Invalid user samara from 176.205.243.106
May 12 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: input_userauth_request: invalid user samara [preauth]
May 12 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Failed password for invalid user samara from 176.205.243.106 port 40530 ssh2
May 12 15:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Received disconnect from 176.205.243.106 port 40530:11: Bye Bye [preauth]
May 12 15:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Disconnected from 176.205.243.106 port 40530 [preauth]
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25199]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25198]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25199]: pam_unix(cron:session): session closed for user root
May 12 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user p13x
May 12 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: Successful su for rubyman by root
May 12 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: + ??? root:rubyman
May 12 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379714 of user rubyman.
May 12 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: pam_unix(su:session): session closed for user rubyman
May 12 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379714.
May 12 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22360]: pam_unix(cron:session): session closed for user root
May 12 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session closed for user root
May 12 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session closed for user samftp
May 12 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user root
May 12 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session closed for user p13x
May 12 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: Successful su for rubyman by root
May 12 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: + ??? root:rubyman
May 12 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379716 of user rubyman.
May 12 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: pam_unix(su:session): session closed for user rubyman
May 12 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379716.
May 12 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session closed for user root
May 12 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session closed for user samftp
May 12 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user root
May 12 15:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Invalid user user9 from 197.5.145.8
May 12 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: input_userauth_request: invalid user user9 [preauth]
May 12 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Failed password for invalid user user9 from 197.5.145.8 port 40181 ssh2
May 12 15:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Received disconnect from 197.5.145.8 port 40181:11: Bye Bye [preauth]
May 12 15:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Disconnected from 197.5.145.8 port 40181 [preauth]
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user p13x
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26211]: Successful su for rubyman by root
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26211]: + ??? root:rubyman
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379721 of user rubyman.
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26211]: pam_unix(su:session): session closed for user rubyman
May 12 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379721.
May 12 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session closed for user root
May 12 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session closed for user samftp
May 12 15:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25198]: pam_unix(cron:session): session closed for user root
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session closed for user p13x
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26705]: Successful su for rubyman by root
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26705]: + ??? root:rubyman
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379724 of user rubyman.
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26705]: pam_unix(su:session): session closed for user rubyman
May 12 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379724.
May 12 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26544]: Connection reset by 103.70.115.126 port 25762 [preauth]
May 12 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23922]: pam_unix(cron:session): session closed for user root
May 12 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session closed for user samftp
May 12 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session closed for user root
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session closed for user p13x
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: Successful su for rubyman by root
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: + ??? root:rubyman
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379730 of user rubyman.
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: pam_unix(su:session): session closed for user rubyman
May 12 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379730.
May 12 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session closed for user root
May 12 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session closed for user samftp
May 12 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session closed for user root
May 12 15:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Invalid user maintain from 176.205.243.106
May 12 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: input_userauth_request: invalid user maintain [preauth]
May 12 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Failed password for invalid user maintain from 176.205.243.106 port 57196 ssh2
May 12 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Received disconnect from 176.205.243.106 port 57196:11: Bye Bye [preauth]
May 12 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Disconnected from 176.205.243.106 port 57196 [preauth]
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27675]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27673]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session closed for user root
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27671]: pam_unix(cron:session): session closed for user p13x
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27741]: Successful su for rubyman by root
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27741]: + ??? root:rubyman
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379732 of user rubyman.
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27741]: pam_unix(su:session): session closed for user rubyman
May 12 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379732.
May 12 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27673]: pam_unix(cron:session): session closed for user root
May 12 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session closed for user root
May 12 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27672]: pam_unix(cron:session): session closed for user samftp
May 12 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Invalid user ftp_test from 185.93.89.118
May 12 15:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: input_userauth_request: invalid user ftp_test [preauth]
May 12 15:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Failed password for invalid user ftp_test from 185.93.89.118 port 10174 ssh2
May 12 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Connection closed by 185.93.89.118 port 10174 [preauth]
May 12 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user root
May 12 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Invalid user ftptest2 from 185.93.89.118
May 12 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: input_userauth_request: invalid user ftptest2 [preauth]
May 12 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Failed password for invalid user ftptest2 from 185.93.89.118 port 47744 ssh2
May 12 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Connection closed by 185.93.89.118 port 47744 [preauth]
May 12 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Invalid user ftptemp from 185.93.89.118
May 12 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: input_userauth_request: invalid user ftptemp [preauth]
May 12 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Failed password for invalid user ftptemp from 185.93.89.118 port 56368 ssh2
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session closed for user p13x
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28215]: Successful su for rubyman by root
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28215]: + ??? root:rubyman
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379738 of user rubyman.
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28215]: pam_unix(su:session): session closed for user rubyman
May 12 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379738.
May 12 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Connection closed by 185.93.89.118 port 56368 [preauth]
May 12 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session closed for user root
May 12 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session closed for user samftp
May 12 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: Invalid user ftp_nmc from 185.93.89.118
May 12 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: input_userauth_request: invalid user ftp_nmc [preauth]
May 12 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8  user=root
May 12 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: Failed password for invalid user ftp_nmc from 185.93.89.118 port 51816 ssh2
May 12 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28443]: Failed password for root from 197.5.145.8 port 40182 ssh2
May 12 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28443]: Received disconnect from 197.5.145.8 port 40182:11: Bye Bye [preauth]
May 12 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28443]: Disconnected from 197.5.145.8 port 40182 [preauth]
May 12 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Failed password for root from 218.92.0.179 port 12336 ssh2
May 12 15:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28337]: Connection closed by 185.93.89.118 port 51816 [preauth]
May 12 15:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Failed password for root from 218.92.0.179 port 12336 ssh2
May 12 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Failed password for root from 218.92.0.179 port 12336 ssh2
May 12 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Received disconnect from 218.92.0.179 port 12336:11:  [preauth]
May 12 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Disconnected from 218.92.0.179 port 12336 [preauth]
May 12 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session closed for user root
May 12 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Connection reset by 205.210.31.203 port 63060 [preauth]
May 12 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Invalid user ftpguest from 185.93.89.118
May 12 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: input_userauth_request: invalid user ftpguest [preauth]
May 12 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 15:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Failed password for invalid user ftpguest from 185.93.89.118 port 53504 ssh2
May 12 15:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Connection closed by 185.93.89.118 port 53504 [preauth]
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28572]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28573]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28570]: pam_unix(cron:session): session closed for user p13x
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: Successful su for rubyman by root
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: + ??? root:rubyman
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379742 of user rubyman.
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session closed for user rubyman
May 12 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379742.
May 12 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session closed for user root
May 12 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28571]: pam_unix(cron:session): session closed for user samftp
May 12 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27675]: pam_unix(cron:session): session closed for user root
May 12 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28973]: pam_unix(cron:session): session closed for user p13x
May 12 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29118]: Successful su for rubyman by root
May 12 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29118]: + ??? root:rubyman
May 12 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379748 of user rubyman.
May 12 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29118]: pam_unix(su:session): session closed for user rubyman
May 12 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379748.
May 12 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user root
May 12 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28974]: pam_unix(cron:session): session closed for user samftp
May 12 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session closed for user root
May 12 15:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Invalid user  from 80.94.95.125
May 12 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: input_userauth_request: invalid user  [preauth]
May 12 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Failed password for invalid user  from 80.94.95.125 port 35246 ssh2
May 12 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Received disconnect from 80.94.95.125 port 35246:11: Bye [preauth]
May 12 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Disconnected from 80.94.95.125 port 35246 [preauth]
May 12 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29478]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29476]: pam_unix(cron:session): session closed for user p13x
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29605]: Successful su for rubyman by root
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29605]: + ??? root:rubyman
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379750 of user rubyman.
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29605]: pam_unix(su:session): session closed for user rubyman
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379750.
May 12 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session closed for user root
May 12 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session closed for user root
May 12 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29477]: pam_unix(cron:session): session closed for user samftp
May 12 15:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28573]: pam_unix(cron:session): session closed for user root
May 12 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session closed for user root
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session closed for user p13x
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30058]: Successful su for rubyman by root
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30058]: + ??? root:rubyman
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379755 of user rubyman.
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30058]: pam_unix(su:session): session closed for user rubyman
May 12 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379755.
May 12 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29992]: pam_unix(cron:session): session closed for user root
May 12 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session closed for user root
May 12 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session closed for user samftp
May 12 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Invalid user ubuntu from 176.205.243.106
May 12 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: input_userauth_request: invalid user ubuntu [preauth]
May 12 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Failed password for invalid user ubuntu from 176.205.243.106 port 41608 ssh2
May 12 15:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Received disconnect from 176.205.243.106 port 41608:11: Bye Bye [preauth]
May 12 15:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Disconnected from 176.205.243.106 port 41608 [preauth]
May 12 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28976]: pam_unix(cron:session): session closed for user root
May 12 15:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Invalid user anas from 197.5.145.8
May 12 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: input_userauth_request: invalid user anas [preauth]
May 12 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Failed password for invalid user anas from 197.5.145.8 port 40183 ssh2
May 12 15:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Received disconnect from 197.5.145.8 port 40183:11: Bye Bye [preauth]
May 12 15:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30396]: Disconnected from 197.5.145.8 port 40183 [preauth]
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session closed for user p13x
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30488]: Successful su for rubyman by root
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30488]: + ??? root:rubyman
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379762 of user rubyman.
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30488]: pam_unix(su:session): session closed for user rubyman
May 12 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379762.
May 12 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session closed for user root
May 12 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session closed for user samftp
May 12 15:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Invalid user admin from 80.94.95.112
May 12 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: input_userauth_request: invalid user admin [preauth]
May 12 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 15:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user admin from 80.94.95.112 port 63938 ssh2
May 12 15:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user admin from 80.94.95.112 port 63938 ssh2
May 12 15:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user admin from 80.94.95.112 port 63938 ssh2
May 12 15:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29479]: pam_unix(cron:session): session closed for user root
May 12 15:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user admin from 80.94.95.112 port 63938 ssh2
May 12 15:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user admin from 80.94.95.112 port 63938 ssh2
May 12 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Received disconnect from 80.94.95.112 port 63938:11: Bye [preauth]
May 12 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Disconnected from 80.94.95.112 port 63938 [preauth]
May 12 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session closed for user p13x
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30881]: Successful su for rubyman by root
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30881]: + ??? root:rubyman
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379766 of user rubyman.
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30881]: pam_unix(su:session): session closed for user rubyman
May 12 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379766.
May 12 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28147]: pam_unix(cron:session): session closed for user root
May 12 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session closed for user samftp
May 12 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: Failed password for root from 193.70.84.184 port 47768 ssh2
May 12 15:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: Connection closed by 193.70.84.184 port 47768 [preauth]
May 12 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session closed for user root
May 12 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31323]: pam_unix(cron:session): session closed for user p13x
May 12 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31385]: Successful su for rubyman by root
May 12 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31385]: + ??? root:rubyman
May 12 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379770 of user rubyman.
May 12 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31385]: pam_unix(su:session): session closed for user rubyman
May 12 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379770.
May 12 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28572]: pam_unix(cron:session): session closed for user root
May 12 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session closed for user samftp
May 12 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session closed for user root
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session closed for user p13x
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31812]: Successful su for rubyman by root
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31812]: + ??? root:rubyman
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379773 of user rubyman.
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31812]: pam_unix(su:session): session closed for user rubyman
May 12 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379773.
May 12 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session closed for user root
May 12 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session closed for user samftp
May 12 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session closed for user root
May 12 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: Invalid user admin from 45.6.188.43
May 12 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: input_userauth_request: invalid user admin [preauth]
May 12 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: Failed password for invalid user admin from 45.6.188.43 port 48992 ssh2
May 12 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: Connection closed by 45.6.188.43 port 48992 [preauth]
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session closed for user root
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session closed for user p13x
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32545]: Successful su for rubyman by root
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32545]: + ??? root:rubyman
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379781 of user rubyman.
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32545]: pam_unix(su:session): session closed for user rubyman
May 12 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379781.
May 12 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session closed for user root
May 12 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29478]: pam_unix(cron:session): session closed for user root
May 12 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session closed for user samftp
May 12 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Invalid user infoserve from 176.205.243.106
May 12 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: input_userauth_request: invalid user infoserve [preauth]
May 12 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Failed password for invalid user infoserve from 176.205.243.106 port 34704 ssh2
May 12 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Received disconnect from 176.205.243.106 port 34704:11: Bye Bye [preauth]
May 12 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Disconnected from 176.205.243.106 port 34704 [preauth]
May 12 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Invalid user admin from 197.5.145.8
May 12 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: input_userauth_request: invalid user admin [preauth]
May 12 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Failed password for invalid user admin from 197.5.145.8 port 40184 ssh2
May 12 15:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Received disconnect from 197.5.145.8 port 40184:11: Bye Bye [preauth]
May 12 15:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Disconnected from 197.5.145.8 port 40184 [preauth]
May 12 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session closed for user root
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session closed for user p13x
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[716]: Successful su for rubyman by root
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[716]: + ??? root:rubyman
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379783 of user rubyman.
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[716]: pam_unix(su:session): session closed for user rubyman
May 12 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379783.
May 12 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29993]: pam_unix(cron:session): session closed for user root
May 12 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user samftp
May 12 15:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.54.167  user=root
May 12 15:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Failed password for root from 101.126.54.167 port 49824 ssh2
May 12 15:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Received disconnect from 101.126.54.167 port 49824:11: Bye Bye [preauth]
May 12 15:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Disconnected from 101.126.54.167 port 49824 [preauth]
May 12 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user root
May 12 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Failed password for root from 218.92.0.205 port 24154 ssh2
May 12 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: message repeated 4 times: [ Failed password for root from 218.92.0.205 port 24154 ssh2]
May 12 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 24154 ssh2 [preauth]
May 12 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Disconnecting: Too many authentication failures [preauth]
May 12 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1117]: pam_unix(cron:session): session closed for user p13x
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: Successful su for rubyman by root
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: + ??? root:rubyman
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379788 of user rubyman.
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: pam_unix(su:session): session closed for user rubyman
May 12 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379788.
May 12 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30420]: pam_unix(cron:session): session closed for user root
May 12 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session closed for user samftp
May 12 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.179 port 34689 ssh2
May 12 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.179 port 34689 ssh2
May 12 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.179 port 34689 ssh2
May 12 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session closed for user root
May 12 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session closed for user p13x
May 12 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1678]: Successful su for rubyman by root
May 12 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1678]: + ??? root:rubyman
May 12 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379791 of user rubyman.
May 12 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1678]: pam_unix(su:session): session closed for user rubyman
May 12 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379791.
May 12 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session closed for user root
May 12 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session closed for user samftp
May 12 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session closed for user root
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session closed for user p13x
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2197]: Successful su for rubyman by root
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2197]: + ??? root:rubyman
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379796 of user rubyman.
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2197]: pam_unix(su:session): session closed for user rubyman
May 12 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379796.
May 12 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session closed for user root
May 12 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2129]: pam_unix(cron:session): session closed for user samftp
May 12 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user root
May 12 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Invalid user va from 197.5.145.8
May 12 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: input_userauth_request: invalid user va [preauth]
May 12 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Failed password for invalid user va from 197.5.145.8 port 40185 ssh2
May 12 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Received disconnect from 197.5.145.8 port 40185:11: Bye Bye [preauth]
May 12 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Disconnected from 197.5.145.8 port 40185 [preauth]
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2567]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session closed for user root
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2564]: pam_unix(cron:session): session closed for user p13x
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2643]: Successful su for rubyman by root
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2643]: + ??? root:rubyman
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379801 of user rubyman.
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2643]: pam_unix(su:session): session closed for user rubyman
May 12 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379801.
May 12 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session closed for user root
May 12 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session closed for user root
May 12 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2565]: pam_unix(cron:session): session closed for user samftp
May 12 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Invalid user admin from 176.205.243.106
May 12 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: input_userauth_request: invalid user admin [preauth]
May 12 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Failed password for invalid user admin from 176.205.243.106 port 44882 ssh2
May 12 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Received disconnect from 176.205.243.106 port 44882:11: Bye Bye [preauth]
May 12 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Disconnected from 176.205.243.106 port 44882 [preauth]
May 12 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session closed for user root
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session closed for user p13x
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3100]: Successful su for rubyman by root
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3100]: + ??? root:rubyman
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379806 of user rubyman.
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3100]: pam_unix(su:session): session closed for user rubyman
May 12 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379806.
May 12 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session closed for user root
May 12 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session closed for user samftp
May 12 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session closed for user root
May 12 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Invalid user admin from 80.94.95.125
May 12 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: input_userauth_request: invalid user admin [preauth]
May 12 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Failed password for invalid user admin from 80.94.95.125 port 27968 ssh2
May 12 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Received disconnect from 80.94.95.125 port 27968:11: Bye [preauth]
May 12 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Disconnected from 80.94.95.125 port 27968 [preauth]
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session closed for user p13x
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3529]: Successful su for rubyman by root
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3529]: + ??? root:rubyman
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379810 of user rubyman.
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3529]: pam_unix(su:session): session closed for user rubyman
May 12 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379810.
May 12 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session closed for user root
May 12 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session closed for user samftp
May 12 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session closed for user root
May 12 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session closed for user p13x
May 12 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: Successful su for rubyman by root
May 12 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: + ??? root:rubyman
May 12 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379813 of user rubyman.
May 12 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session closed for user rubyman
May 12 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379813.
May 12 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session closed for user root
May 12 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session closed for user samftp
May 12 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user root
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user p13x
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: Successful su for rubyman by root
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: + ??? root:rubyman
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379818 of user rubyman.
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: pam_unix(su:session): session closed for user rubyman
May 12 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379818.
May 12 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session closed for user root
May 12 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4477]: pam_unix(cron:session): session closed for user samftp
May 12 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Invalid user oracle from 197.5.145.8
May 12 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: input_userauth_request: invalid user oracle [preauth]
May 12 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Failed password for invalid user oracle from 197.5.145.8 port 40186 ssh2
May 12 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Received disconnect from 197.5.145.8 port 40186:11: Bye Bye [preauth]
May 12 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Disconnected from 197.5.145.8 port 40186 [preauth]
May 12 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user root
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session closed for user root
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session closed for user p13x
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: Successful su for rubyman by root
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: + ??? root:rubyman
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379825 of user rubyman.
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: pam_unix(su:session): session closed for user rubyman
May 12 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379825.
May 12 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session closed for user root
May 12 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session closed for user root
May 12 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session closed for user samftp
May 12 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user root
May 12 15:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Invalid user test1 from 176.205.243.106
May 12 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: input_userauth_request: invalid user test1 [preauth]
May 12 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for invalid user test1 from 176.205.243.106 port 50980 ssh2
May 12 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Received disconnect from 176.205.243.106 port 50980:11: Bye Bye [preauth]
May 12 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Disconnected from 176.205.243.106 port 50980 [preauth]
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5592]: pam_unix(cron:session): session closed for user p13x
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5674]: Successful su for rubyman by root
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5674]: + ??? root:rubyman
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379829 of user rubyman.
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5674]: pam_unix(su:session): session closed for user rubyman
May 12 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379829.
May 12 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2567]: pam_unix(cron:session): session closed for user root
May 12 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session closed for user samftp
May 12 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4479]: pam_unix(cron:session): session closed for user root
May 12 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Invalid user Ubuntu from 50.235.31.47
May 12 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: input_userauth_request: invalid user Ubuntu [preauth]
May 12 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Failed password for invalid user Ubuntu from 50.235.31.47 port 33752 ssh2
May 12 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Connection closed by 50.235.31.47 port 33752 [preauth]
May 12 15:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Failed password for root from 218.92.0.179 port 36176 ssh2
May 12 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36176 ssh2]
May 12 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Received disconnect from 218.92.0.179 port 36176:11:  [preauth]
May 12 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Disconnected from 218.92.0.179 port 36176 [preauth]
May 12 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session closed for user p13x
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6182]: Successful su for rubyman by root
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6182]: + ??? root:rubyman
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379831 of user rubyman.
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6182]: pam_unix(su:session): session closed for user rubyman
May 12 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379831.
May 12 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user root
May 12 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session closed for user samftp
May 12 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user root
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6527]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session closed for user p13x
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: Successful su for rubyman by root
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: + ??? root:rubyman
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379835 of user rubyman.
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: pam_unix(su:session): session closed for user rubyman
May 12 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379835.
May 12 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session closed for user root
May 12 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user samftp
May 12 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Invalid user 12345678 from 193.32.162.157
May 12 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: input_userauth_request: invalid user 12345678 [preauth]
May 12 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Failed password for invalid user 12345678 from 193.32.162.157 port 62352 ssh2
May 12 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Connection closed by 193.32.162.157 port 62352 [preauth]
May 12 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user root
May 12 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Invalid user ads1 from 197.5.145.8
May 12 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: input_userauth_request: invalid user ads1 [preauth]
May 12 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Failed password for invalid user ads1 from 197.5.145.8 port 40187 ssh2
May 12 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Received disconnect from 197.5.145.8 port 40187:11: Bye Bye [preauth]
May 12 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Disconnected from 197.5.145.8 port 40187 [preauth]
May 12 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Invalid user adm from 193.32.162.157
May 12 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: input_userauth_request: invalid user adm [preauth]
May 12 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Failed password for invalid user adm from 193.32.162.157 port 15460 ssh2
May 12 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Connection closed by 193.32.162.157 port 15460 [preauth]
May 12 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7029]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session closed for user p13x
May 12 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7109]: Successful su for rubyman by root
May 12 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7109]: + ??? root:rubyman
May 12 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379839 of user rubyman.
May 12 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7109]: pam_unix(su:session): session closed for user rubyman
May 12 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379839.
May 12 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session closed for user root
May 12 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session closed for user samftp
May 12 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: Invalid user 123456 from 193.32.162.157
May 12 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: input_userauth_request: invalid user 123456 [preauth]
May 12 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: Failed password for invalid user 123456 from 193.32.162.157 port 15232 ssh2
May 12 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7015]: Connection closed by 193.32.162.157 port 15232 [preauth]
May 12 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Failed password for root from 218.92.0.179 port 57237 ssh2
May 12 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user adm from 193.32.162.157
May 12 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user adm [preauth]
May 12 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Failed password for root from 218.92.0.179 port 57237 ssh2
May 12 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user adm from 193.32.162.157 port 18758 ssh2
May 12 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session closed for user root
May 12 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Failed password for root from 218.92.0.179 port 57237 ssh2
May 12 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Received disconnect from 218.92.0.179 port 57237:11:  [preauth]
May 12 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Disconnected from 218.92.0.179 port 57237 [preauth]
May 12 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Connection closed by 193.32.162.157 port 18758 [preauth]
May 12 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Invalid user 1234 from 193.32.162.157
May 12 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: input_userauth_request: invalid user 1234 [preauth]
May 12 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): check pass; user unknown
May 12 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Failed password for invalid user 1234 from 193.32.162.157 port 1812 ssh2
May 12 15:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Connection closed by 193.32.162.157 port 1812 [preauth]
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7471]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7473]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7474]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session closed for user root
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7474]: pam_unix(cron:session): session closed for user root
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session closed for user p13x
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7671]: Successful su for rubyman by root
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7671]: + ??? root:rubyman
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379843 of user rubyman.
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7671]: pam_unix(su:session): session closed for user rubyman
May 12 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379843.
May 12 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7471]: pam_unix(cron:session): session closed for user root
May 12 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session closed for user root
May 12 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session closed for user samftp
May 12 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6527]: pam_unix(cron:session): session closed for user root
May 12 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106  user=root
May 12 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8086]: Failed password for root from 176.205.243.106 port 56574 ssh2
May 12 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8086]: Received disconnect from 176.205.243.106 port 56574:11: Bye Bye [preauth]
May 12 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8086]: Disconnected from 176.205.243.106 port 56574 [preauth]
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8103]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session closed for user p13x
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: Successful su for rubyman by root
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: + ??? root:rubyman
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379850 of user rubyman.
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: pam_unix(su:session): session closed for user rubyman
May 12 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379850.
May 12 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user root
May 12 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8102]: pam_unix(cron:session): session closed for user samftp
May 12 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session closed for user root
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8535]: pam_unix(cron:session): session closed for user p13x
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8610]: Successful su for rubyman by root
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8610]: + ??? root:rubyman
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379856 of user rubyman.
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8610]: pam_unix(su:session): session closed for user rubyman
May 12 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379856.
May 12 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user root
May 12 16:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8537]: pam_unix(cron:session): session closed for user samftp
May 12 16:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7473]: pam_unix(cron:session): session closed for user root
May 12 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8966]: pam_unix(cron:session): session closed for user p13x
May 12 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9028]: Successful su for rubyman by root
May 12 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9028]: + ??? root:rubyman
May 12 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379859 of user rubyman.
May 12 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9028]: pam_unix(su:session): session closed for user rubyman
May 12 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379859.
May 12 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session closed for user root
May 12 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session closed for user samftp
May 12 16:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Invalid user admin from 197.5.145.8
May 12 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: input_userauth_request: invalid user admin [preauth]
May 12 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Failed password for invalid user admin from 197.5.145.8 port 40188 ssh2
May 12 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Received disconnect from 197.5.145.8 port 40188:11: Bye Bye [preauth]
May 12 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Disconnected from 197.5.145.8 port 40188 [preauth]
May 12 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session closed for user root
May 12 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session closed for user p13x
May 12 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9550]: Successful su for rubyman by root
May 12 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9550]: + ??? root:rubyman
May 12 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379862 of user rubyman.
May 12 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9550]: pam_unix(su:session): session closed for user rubyman
May 12 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379862.
May 12 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session closed for user root
May 12 16:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session closed for user samftp
May 12 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session closed for user root
May 12 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Invalid user admin from 80.94.95.125
May 12 16:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: input_userauth_request: invalid user admin [preauth]
May 12 16:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 16:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Failed password for invalid user admin from 80.94.95.125 port 14131 ssh2
May 12 16:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Received disconnect from 80.94.95.125 port 14131:11: Bye [preauth]
May 12 16:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Disconnected from 80.94.95.125 port 14131 [preauth]
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9892]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9890]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9892]: pam_unix(cron:session): session closed for user root
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9887]: pam_unix(cron:session): session closed for user p13x
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: Successful su for rubyman by root
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: + ??? root:rubyman
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379866 of user rubyman.
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: pam_unix(su:session): session closed for user rubyman
May 12 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379866.
May 12 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9889]: pam_unix(cron:session): session closed for user root
May 12 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7029]: pam_unix(cron:session): session closed for user root
May 12 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9888]: pam_unix(cron:session): session closed for user samftp
May 12 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session closed for user root
May 12 16:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Invalid user zbx from 176.205.243.106
May 12 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: input_userauth_request: invalid user zbx [preauth]
May 12 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session closed for user p13x
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10497]: Successful su for rubyman by root
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10497]: + ??? root:rubyman
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379873 of user rubyman.
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10497]: pam_unix(su:session): session closed for user rubyman
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379873.
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Failed password for invalid user zbx from 176.205.243.106 port 56468 ssh2
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Received disconnect from 176.205.243.106 port 56468:11: Bye Bye [preauth]
May 12 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Disconnected from 176.205.243.106 port 56468 [preauth]
May 12 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7472]: pam_unix(cron:session): session closed for user root
May 12 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10412]: pam_unix(cron:session): session closed for user samftp
May 12 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session closed for user root
May 12 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session closed for user p13x
May 12 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: Successful su for rubyman by root
May 12 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: + ??? root:rubyman
May 12 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379876 of user rubyman.
May 12 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: pam_unix(su:session): session closed for user rubyman
May 12 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379876.
May 12 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8103]: pam_unix(cron:session): session closed for user root
May 12 16:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10900]: pam_unix(cron:session): session closed for user samftp
May 12 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9891]: pam_unix(cron:session): session closed for user root
May 12 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: Invalid user admin from 197.5.145.8
May 12 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: input_userauth_request: invalid user admin [preauth]
May 12 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: Failed password for invalid user admin from 197.5.145.8 port 40189 ssh2
May 12 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: Received disconnect from 197.5.145.8 port 40189:11: Bye Bye [preauth]
May 12 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11269]: Disconnected from 197.5.145.8 port 40189 [preauth]
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session closed for user p13x
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: Successful su for rubyman by root
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: + ??? root:rubyman
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379880 of user rubyman.
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: pam_unix(su:session): session closed for user rubyman
May 12 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379880.
May 12 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session closed for user root
May 12 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session closed for user samftp
May 12 16:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session closed for user root
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11687]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11686]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session closed for user p13x
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: Successful su for rubyman by root
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: + ??? root:rubyman
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379886 of user rubyman.
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: pam_unix(su:session): session closed for user rubyman
May 12 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379886.
May 12 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session closed for user root
May 12 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session closed for user root
May 12 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session closed for user samftp
May 12 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session closed for user root
May 12 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 16:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Failed password for root from 164.68.105.9 port 49602 ssh2
May 12 16:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Connection closed by 164.68.105.9 port 49602 [preauth]
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12164]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12165]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12167]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12166]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12167]: pam_unix(cron:session): session closed for user root
May 12 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12162]: pam_unix(cron:session): session closed for user p13x
May 12 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12239]: Successful su for rubyman by root
May 12 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12239]: + ??? root:rubyman
May 12 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379894 of user rubyman.
May 12 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12239]: pam_unix(su:session): session closed for user rubyman
May 12 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379894.
May 12 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session closed for user root
May 12 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12164]: pam_unix(cron:session): session closed for user root
May 12 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12163]: pam_unix(cron:session): session closed for user samftp
May 12 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11293]: pam_unix(cron:session): session closed for user root
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session closed for user p13x
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12663]: Successful su for rubyman by root
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12663]: + ??? root:rubyman
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379895 of user rubyman.
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12663]: pam_unix(su:session): session closed for user rubyman
May 12 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379895.
May 12 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9890]: pam_unix(cron:session): session closed for user root
May 12 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session closed for user samftp
May 12 16:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: Invalid user rd from 176.205.243.106
May 12 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: input_userauth_request: invalid user rd [preauth]
May 12 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: Failed password for invalid user rd from 176.205.243.106 port 41996 ssh2
May 12 16:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: Received disconnect from 176.205.243.106 port 41996:11: Bye Bye [preauth]
May 12 16:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12872]: Disconnected from 176.205.243.106 port 41996 [preauth]
May 12 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11687]: pam_unix(cron:session): session closed for user root
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13001]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13002]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session closed for user p13x
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: Successful su for rubyman by root
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: + ??? root:rubyman
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379901 of user rubyman.
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: pam_unix(su:session): session closed for user rubyman
May 12 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379901.
May 12 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user root
May 12 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session closed for user samftp
May 12 16:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Invalid user hamza from 197.5.145.8
May 12 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: input_userauth_request: invalid user hamza [preauth]
May 12 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Failed password for invalid user hamza from 197.5.145.8 port 40190 ssh2
May 12 16:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Received disconnect from 197.5.145.8 port 40190:11: Bye Bye [preauth]
May 12 16:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Disconnected from 197.5.145.8 port 40190 [preauth]
May 12 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12166]: pam_unix(cron:session): session closed for user root
May 12 16:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Failed password for root from 218.92.0.179 port 51317 ssh2
May 12 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 51317 ssh2]
May 12 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Received disconnect from 218.92.0.179 port 51317:11:  [preauth]
May 12 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Disconnected from 218.92.0.179 port 51317 [preauth]
May 12 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13401]: pam_unix(cron:session): session closed for user p13x
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13559]: Successful su for rubyman by root
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13559]: + ??? root:rubyman
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379903 of user rubyman.
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13559]: pam_unix(su:session): session closed for user rubyman
May 12 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379903.
May 12 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session closed for user root
May 12 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session closed for user samftp
May 12 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session closed for user root
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session closed for user p13x
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13964]: Successful su for rubyman by root
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13964]: + ??? root:rubyman
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379909 of user rubyman.
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13964]: pam_unix(su:session): session closed for user rubyman
May 12 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379909.
May 12 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session closed for user root
May 12 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13903]: pam_unix(cron:session): session closed for user samftp
May 12 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Invalid user admin from 80.94.95.112
May 12 16:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: input_userauth_request: invalid user admin [preauth]
May 12 16:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for invalid user admin from 80.94.95.112 port 64013 ssh2
May 12 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for invalid user admin from 80.94.95.112 port 64013 ssh2
May 12 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for invalid user admin from 80.94.95.112 port 64013 ssh2
May 12 16:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13002]: pam_unix(cron:session): session closed for user root
May 12 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for invalid user admin from 80.94.95.112 port 64013 ssh2
May 12 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for invalid user admin from 80.94.95.112 port 64013 ssh2
May 12 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Received disconnect from 80.94.95.112 port 64013:11: Bye [preauth]
May 12 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Disconnected from 80.94.95.112 port 64013 [preauth]
May 12 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session closed for user root
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session closed for user p13x
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: Successful su for rubyman by root
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: + ??? root:rubyman
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379913 of user rubyman.
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: pam_unix(su:session): session closed for user rubyman
May 12 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379913.
May 12 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session closed for user root
May 12 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11686]: pam_unix(cron:session): session closed for user root
May 12 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session closed for user samftp
May 12 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session closed for user root
May 12 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session closed for user p13x
May 12 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: Successful su for rubyman by root
May 12 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: + ??? root:rubyman
May 12 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379918 of user rubyman.
May 12 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: pam_unix(su:session): session closed for user rubyman
May 12 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379918.
May 12 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12165]: pam_unix(cron:session): session closed for user root
May 12 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session closed for user samftp
May 12 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session closed for user root
May 12 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Invalid user dan from 176.205.243.106
May 12 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: input_userauth_request: invalid user dan [preauth]
May 12 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Failed password for invalid user dan from 176.205.243.106 port 46748 ssh2
May 12 16:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Received disconnect from 176.205.243.106 port 46748:11: Bye Bye [preauth]
May 12 16:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Disconnected from 176.205.243.106 port 46748 [preauth]
May 12 16:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Invalid user rr from 197.5.145.8
May 12 16:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: input_userauth_request: invalid user rr [preauth]
May 12 16:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Failed password for invalid user rr from 197.5.145.8 port 40191 ssh2
May 12 16:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Received disconnect from 197.5.145.8 port 40191:11: Bye Bye [preauth]
May 12 16:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Disconnected from 197.5.145.8 port 40191 [preauth]
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15170]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user p13x
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15230]: Successful su for rubyman by root
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15230]: + ??? root:rubyman
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379921 of user rubyman.
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15230]: pam_unix(su:session): session closed for user rubyman
May 12 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379921.
May 12 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session closed for user root
May 12 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session closed for user samftp
May 12 16:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session closed for user root
May 12 16:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Invalid user debian from 80.94.95.125
May 12 16:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: input_userauth_request: invalid user debian [preauth]
May 12 16:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Failed password for invalid user debian from 80.94.95.125 port 32510 ssh2
May 12 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Received disconnect from 80.94.95.125 port 32510:11: Bye [preauth]
May 12 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Disconnected from 80.94.95.125 port 32510 [preauth]
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15564]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15565]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session closed for user p13x
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15624]: Successful su for rubyman by root
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15624]: + ??? root:rubyman
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379926 of user rubyman.
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15624]: pam_unix(su:session): session closed for user rubyman
May 12 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379926.
May 12 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13001]: pam_unix(cron:session): session closed for user root
May 12 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15563]: pam_unix(cron:session): session closed for user samftp
May 12 16:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Failed password for root from 218.92.0.179 port 58563 ssh2
May 12 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 58563 ssh2]
May 12 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Received disconnect from 218.92.0.179 port 58563:11:  [preauth]
May 12 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Disconnected from 218.92.0.179 port 58563 [preauth]
May 12 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session closed for user root
May 12 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user p13x
May 12 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: Successful su for rubyman by root
May 12 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: + ??? root:rubyman
May 12 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379932 of user rubyman.
May 12 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: pam_unix(su:session): session closed for user rubyman
May 12 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379932.
May 12 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session closed for user root
May 12 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user samftp
May 12 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16252]: Did not receive identification string from 195.3.221.137
May 12 16:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15170]: pam_unix(cron:session): session closed for user root
May 12 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user root
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session closed for user p13x
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: Successful su for rubyman by root
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: + ??? root:rubyman
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379934 of user rubyman.
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: pam_unix(su:session): session closed for user rubyman
May 12 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379934.
May 12 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session closed for user root
May 12 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session closed for user root
May 12 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session closed for user samftp
May 12 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15565]: pam_unix(cron:session): session closed for user root
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16845]: pam_unix(cron:session): session closed for user p13x
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16937]: Successful su for rubyman by root
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16937]: + ??? root:rubyman
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379940 of user rubyman.
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16937]: pam_unix(su:session): session closed for user rubyman
May 12 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379940.
May 12 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session closed for user root
May 12 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user samftp
May 12 16:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Invalid user zbx from 197.5.145.8
May 12 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: input_userauth_request: invalid user zbx [preauth]
May 12 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Failed password for invalid user zbx from 197.5.145.8 port 40192 ssh2
May 12 16:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Received disconnect from 197.5.145.8 port 40192:11: Bye Bye [preauth]
May 12 16:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Disconnected from 197.5.145.8 port 40192 [preauth]
May 12 16:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session closed for user root
May 12 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Invalid user vagrant from 176.205.243.106
May 12 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: input_userauth_request: invalid user vagrant [preauth]
May 12 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Failed password for invalid user vagrant from 176.205.243.106 port 36438 ssh2
May 12 16:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Received disconnect from 176.205.243.106 port 36438:11: Bye Bye [preauth]
May 12 16:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Disconnected from 176.205.243.106 port 36438 [preauth]
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17291]: pam_unix(cron:session): session closed for user p13x
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17351]: Successful su for rubyman by root
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17351]: + ??? root:rubyman
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379944 of user rubyman.
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17351]: pam_unix(su:session): session closed for user rubyman
May 12 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379944.
May 12 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session closed for user root
May 12 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session closed for user samftp
May 12 16:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: Failed password for root from 218.92.0.179 port 42144 ssh2
May 12 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42144 ssh2]
May 12 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: Received disconnect from 218.92.0.179 port 42144:11:  [preauth]
May 12 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: Disconnected from 218.92.0.179 port 42144 [preauth]
May 12 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session closed for user root
May 12 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17705]: pam_unix(cron:session): session closed for user p13x
May 12 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17791]: Successful su for rubyman by root
May 12 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17791]: + ??? root:rubyman
May 12 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379948 of user rubyman.
May 12 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17791]: pam_unix(su:session): session closed for user rubyman
May 12 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379948.
May 12 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session closed for user root
May 12 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session closed for user samftp
May 12 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18146]: Did not receive identification string from 195.3.221.137
May 12 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user root
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session closed for user p13x
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18293]: Successful su for rubyman by root
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18293]: + ??? root:rubyman
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379953 of user rubyman.
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18293]: pam_unix(su:session): session closed for user rubyman
May 12 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379953.
May 12 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15564]: pam_unix(cron:session): session closed for user root
May 12 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session closed for user samftp
May 12 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user root
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session closed for user root
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session closed for user p13x
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: Successful su for rubyman by root
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: + ??? root:rubyman
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379961 of user rubyman.
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: pam_unix(su:session): session closed for user rubyman
May 12 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379961.
May 12 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session closed for user root
May 12 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session closed for user root
May 12 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18635]: pam_unix(cron:session): session closed for user samftp
May 12 16:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session closed for user root
May 12 16:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: Invalid user ubuntu from 197.5.145.8
May 12 16:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: input_userauth_request: invalid user ubuntu [preauth]
May 12 16:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: Failed password for invalid user ubuntu from 197.5.145.8 port 40193 ssh2
May 12 16:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: Received disconnect from 197.5.145.8 port 40193:11: Bye Bye [preauth]
May 12 16:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19056]: Disconnected from 197.5.145.8 port 40193 [preauth]
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19085]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19084]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session closed for user p13x
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19148]: Successful su for rubyman by root
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19148]: + ??? root:rubyman
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379962 of user rubyman.
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19148]: pam_unix(su:session): session closed for user rubyman
May 12 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379962.
May 12 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user root
May 12 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19083]: pam_unix(cron:session): session closed for user samftp
May 12 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session closed for user root
May 12 16:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Invalid user devel from 176.205.243.106
May 12 16:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: input_userauth_request: invalid user devel [preauth]
May 12 16:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Failed password for invalid user devel from 176.205.243.106 port 54810 ssh2
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Received disconnect from 176.205.243.106 port 54810:11: Bye Bye [preauth]
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Disconnected from 176.205.243.106 port 54810 [preauth]
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19500]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19501]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19498]: pam_unix(cron:session): session closed for user p13x
May 12 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19562]: Successful su for rubyman by root
May 12 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19562]: + ??? root:rubyman
May 12 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379966 of user rubyman.
May 12 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19562]: pam_unix(su:session): session closed for user rubyman
May 12 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379966.
May 12 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
May 12 16:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19499]: pam_unix(cron:session): session closed for user samftp
May 12 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session closed for user root
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19912]: pam_unix(cron:session): session closed for user p13x
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: Successful su for rubyman by root
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: + ??? root:rubyman
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379970 of user rubyman.
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: pam_unix(su:session): session closed for user rubyman
May 12 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379970.
May 12 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user root
May 12 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19913]: pam_unix(cron:session): session closed for user samftp
May 12 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19085]: pam_unix(cron:session): session closed for user root
May 12 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.54.167  user=root
May 12 16:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: Failed password for root from 101.126.54.167 port 47332 ssh2
May 12 16:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: Received disconnect from 101.126.54.167 port 47332:11: Bye Bye [preauth]
May 12 16:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: Disconnected from 101.126.54.167 port 47332 [preauth]
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20326]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user p13x
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: Successful su for rubyman by root
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: + ??? root:rubyman
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379975 of user rubyman.
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: pam_unix(su:session): session closed for user rubyman
May 12 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379975.
May 12 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session closed for user root
May 12 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session closed for user samftp
May 12 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19501]: pam_unix(cron:session): session closed for user root
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session closed for user root
May 12 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session closed for user p13x
May 12 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: Successful su for rubyman by root
May 12 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: + ??? root:rubyman
May 12 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379980 of user rubyman.
May 12 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: pam_unix(su:session): session closed for user rubyman
May 12 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379980.
May 12 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session closed for user root
May 12 16:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session closed for user root
May 12 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session closed for user samftp
May 12 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Invalid user dan from 197.5.145.8
May 12 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: input_userauth_request: invalid user dan [preauth]
May 12 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Failed password for invalid user dan from 197.5.145.8 port 40194 ssh2
May 12 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Received disconnect from 197.5.145.8 port 40194:11: Bye Bye [preauth]
May 12 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Disconnected from 197.5.145.8 port 40194 [preauth]
May 12 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19915]: pam_unix(cron:session): session closed for user root
May 12 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for root from 80.94.95.125 port 23902 ssh2
May 12 16:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Received disconnect from 80.94.95.125 port 23902:11: Bye [preauth]
May 12 16:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Disconnected from 80.94.95.125 port 23902 [preauth]
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session closed for user p13x
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: Successful su for rubyman by root
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: + ??? root:rubyman
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379984 of user rubyman.
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: pam_unix(su:session): session closed for user rubyman
May 12 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379984.
May 12 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session closed for user root
May 12 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session closed for user samftp
May 12 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session closed for user root
May 12 16:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 16:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Failed password for root from 80.94.95.15 port 29977 ssh2
May 12 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: message repeated 4 times: [ Failed password for root from 80.94.95.15 port 29977 ssh2]
May 12 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Received disconnect from 80.94.95.15 port 29977:11: Bye [preauth]
May 12 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Disconnected from 80.94.95.15 port 29977 [preauth]
May 12 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21656]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user p13x
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: Successful su for rubyman by root
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: + ??? root:rubyman
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379990 of user rubyman.
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session closed for user rubyman
May 12 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379990.
May 12 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19084]: pam_unix(cron:session): session closed for user root
May 12 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session closed for user samftp
May 12 16:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Invalid user rr from 176.205.243.106
May 12 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: input_userauth_request: invalid user rr [preauth]
May 12 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Failed password for invalid user rr from 176.205.243.106 port 44398 ssh2
May 12 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Received disconnect from 176.205.243.106 port 44398:11: Bye Bye [preauth]
May 12 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Disconnected from 176.205.243.106 port 44398 [preauth]
May 12 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user root
May 12 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22412]: pam_unix(cron:session): session closed for user p13x
May 12 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: Successful su for rubyman by root
May 12 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: + ??? root:rubyman
May 12 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379992 of user rubyman.
May 12 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: pam_unix(su:session): session closed for user rubyman
May 12 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379992.
May 12 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19500]: pam_unix(cron:session): session closed for user root
May 12 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session closed for user samftp
May 12 16:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Did not receive identification string from 176.66.119.172
May 12 16:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Invalid user minecraft from 176.66.119.172
May 12 16:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: input_userauth_request: invalid user minecraft [preauth]
May 12 16:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session closed for user root
May 12 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Failed password for invalid user minecraft from 176.66.119.172 port 59736 ssh2
May 12 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Connection closed by 176.66.119.172 port 59736 [preauth]
May 12 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Invalid user a from 176.66.119.172
May 12 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: input_userauth_request: invalid user a [preauth]
May 12 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Failed password for invalid user a from 176.66.119.172 port 59746 ssh2
May 12 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Connection closed by 176.66.119.172 port 59746 [preauth]
May 12 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: Invalid user centos from 176.66.119.172
May 12 16:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: input_userauth_request: invalid user centos [preauth]
May 12 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: Failed password for invalid user centos from 176.66.119.172 port 37110 ssh2
May 12 16:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: Connection closed by 176.66.119.172 port 37110 [preauth]
May 12 16:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Invalid user ansible from 176.66.119.172
May 12 16:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: input_userauth_request: invalid user ansible [preauth]
May 12 16:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Failed password for invalid user ansible from 176.66.119.172 port 37126 ssh2
May 12 16:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Connection closed by 176.66.119.172 port 37126 [preauth]
May 12 16:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Invalid user admin from 176.66.119.172
May 12 16:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: input_userauth_request: invalid user admin [preauth]
May 12 16:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Failed password for invalid user admin from 176.66.119.172 port 45186 ssh2
May 12 16:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Connection closed by 176.66.119.172 port 45186 [preauth]
May 12 16:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: Invalid user csserver from 176.66.119.172
May 12 16:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: input_userauth_request: invalid user csserver [preauth]
May 12 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: Failed password for invalid user csserver from 176.66.119.172 port 45190 ssh2
May 12 16:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22869]: Connection closed by 176.66.119.172 port 45190 [preauth]
May 12 16:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: Invalid user user2 from 176.66.119.172
May 12 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: input_userauth_request: invalid user user2 [preauth]
May 12 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session closed for user p13x
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22983]: Successful su for rubyman by root
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22983]: + ??? root:rubyman
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 379996 of user rubyman.
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22983]: pam_unix(su:session): session closed for user rubyman
May 12 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 379996.
May 12 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: Failed password for invalid user user2 from 176.66.119.172 port 44774 ssh2
May 12 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: Connection closed by 176.66.119.172 port 44774 [preauth]
May 12 16:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19914]: pam_unix(cron:session): session closed for user root
May 12 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Invalid user zjw from 176.66.119.172
May 12 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: input_userauth_request: invalid user zjw [preauth]
May 12 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Failed password for invalid user zjw from 176.66.119.172 port 44788 ssh2
May 12 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session closed for user samftp
May 12 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Connection closed by 176.66.119.172 port 44788 [preauth]
May 12 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Invalid user test from 176.66.119.172
May 12 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: input_userauth_request: invalid user test [preauth]
May 12 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Failed password for invalid user test from 176.66.119.172 port 44800 ssh2
May 12 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Connection closed by 176.66.119.172 port 44800 [preauth]
May 12 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Failed password for root from 176.66.119.172 port 52316 ssh2
May 12 16:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Connection closed by 176.66.119.172 port 52316 [preauth]
May 12 16:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: Invalid user postgres from 176.66.119.172
May 12 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: input_userauth_request: invalid user postgres [preauth]
May 12 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: Failed password for invalid user postgres from 176.66.119.172 port 52328 ssh2
May 12 16:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: Connection closed by 176.66.119.172 port 52328 [preauth]
May 12 16:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Invalid user postgres from 176.66.119.172
May 12 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: input_userauth_request: invalid user postgres [preauth]
May 12 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Failed password for invalid user postgres from 176.66.119.172 port 43608 ssh2
May 12 16:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Connection closed by 176.66.119.172 port 43608 [preauth]
May 12 16:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Invalid user hadoop from 176.66.119.172
May 12 16:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: input_userauth_request: invalid user hadoop [preauth]
May 12 16:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Failed password for invalid user hadoop from 176.66.119.172 port 43624 ssh2
May 12 16:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Connection closed by 176.66.119.172 port 43624 [preauth]
May 12 16:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Failed password for root from 176.66.119.172 port 42740 ssh2
May 12 16:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Connection closed by 176.66.119.172 port 42740 [preauth]
May 12 16:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21656]: pam_unix(cron:session): session closed for user root
May 12 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Failed password for root from 176.66.119.172 port 42756 ssh2
May 12 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Connection closed by 176.66.119.172 port 42756 [preauth]
May 12 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Invalid user test from 176.66.119.172
May 12 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: input_userauth_request: invalid user test [preauth]
May 12 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Failed password for invalid user test from 176.66.119.172 port 42764 ssh2
May 12 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Connection closed by 176.66.119.172 port 42764 [preauth]
May 12 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Invalid user steam from 176.66.119.172
May 12 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: input_userauth_request: invalid user steam [preauth]
May 12 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for root from 218.92.0.179 port 52193 ssh2
May 12 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Failed password for invalid user steam from 176.66.119.172 port 34472 ssh2
May 12 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Connection closed by 176.66.119.172 port 34472 [preauth]
May 12 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for root from 218.92.0.179 port 52193 ssh2
May 12 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for root from 218.92.0.179 port 52193 ssh2
May 12 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Received disconnect from 218.92.0.179 port 52193:11:  [preauth]
May 12 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Disconnected from 218.92.0.179 port 52193 [preauth]
May 12 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Failed password for root from 176.66.119.172 port 34480 ssh2
May 12 16:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Connection closed by 176.66.119.172 port 34480 [preauth]
May 12 16:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: Failed password for root from 176.66.119.172 port 54454 ssh2
May 12 16:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: Connection closed by 176.66.119.172 port 54454 [preauth]
May 12 16:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Invalid user samara from 197.5.145.8
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: input_userauth_request: invalid user samara [preauth]
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: Invalid user csserver from 176.66.119.172
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: input_userauth_request: invalid user csserver [preauth]
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Failed password for invalid user samara from 197.5.145.8 port 40195 ssh2
May 12 16:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Received disconnect from 197.5.145.8 port 40195:11: Bye Bye [preauth]
May 12 16:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Disconnected from 197.5.145.8 port 40195 [preauth]
May 12 16:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: Failed password for invalid user csserver from 176.66.119.172 port 54458 ssh2
May 12 16:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23437]: Connection closed by 176.66.119.172 port 54458 [preauth]
May 12 16:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Invalid user git from 176.66.119.172
May 12 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: input_userauth_request: invalid user git [preauth]
May 12 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session closed for user root
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for invalid user git from 176.66.119.172 port 50764 ssh2
May 12 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23455]: pam_unix(cron:session): session closed for user p13x
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Connection closed by 176.66.119.172 port 50764 [preauth]
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23528]: Successful su for rubyman by root
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23528]: + ??? root:rubyman
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380000 of user rubyman.
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23528]: pam_unix(su:session): session closed for user rubyman
May 12 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380000.
May 12 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: Invalid user admin from 176.66.119.172
May 12 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: input_userauth_request: invalid user admin [preauth]
May 12 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session closed for user root
May 12 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20326]: pam_unix(cron:session): session closed for user root
May 12 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: Failed password for invalid user admin from 176.66.119.172 port 50778 ssh2
May 12 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23525]: Connection closed by 176.66.119.172 port 50778 [preauth]
May 12 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Invalid user minecraft from 176.66.119.172
May 12 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: input_userauth_request: invalid user minecraft [preauth]
May 12 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session closed for user samftp
May 12 16:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Failed password for invalid user minecraft from 176.66.119.172 port 50794 ssh2
May 12 16:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Connection closed by 176.66.119.172 port 50794 [preauth]
May 12 16:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Failed password for root from 176.66.119.172 port 60344 ssh2
May 12 16:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Connection closed by 176.66.119.172 port 60344 [preauth]
May 12 16:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: User ftp from 176.66.119.172 not allowed because not listed in AllowUsers
May 12 16:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: input_userauth_request: invalid user ftp [preauth]
May 12 16:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=ftp
May 12 16:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for invalid user ftp from 176.66.119.172 port 60358 ssh2
May 12 16:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Connection closed by 176.66.119.172 port 60358 [preauth]
May 12 16:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: Failed password for root from 176.66.119.172 port 60362 ssh2
May 12 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: Connection closed by 176.66.119.172 port 60362 [preauth]
May 12 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: User ftp from 176.66.119.172 not allowed because not listed in AllowUsers
May 12 16:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: input_userauth_request: invalid user ftp [preauth]
May 12 16:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=ftp
May 12 16:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Failed password for invalid user ftp from 176.66.119.172 port 59004 ssh2
May 12 16:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Connection closed by 176.66.119.172 port 59004 [preauth]
May 12 16:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Invalid user mc from 176.66.119.172
May 12 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: input_userauth_request: invalid user mc [preauth]
May 12 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Failed password for invalid user mc from 176.66.119.172 port 59016 ssh2
May 12 16:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Connection closed by 176.66.119.172 port 59016 [preauth]
May 12 16:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Invalid user 1 from 176.66.119.172
May 12 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: input_userauth_request: invalid user 1 [preauth]
May 12 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Failed password for invalid user 1 from 176.66.119.172 port 59020 ssh2
May 12 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Connection closed by 176.66.119.172 port 59020 [preauth]
May 12 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Invalid user ansible from 176.66.119.172
May 12 16:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: input_userauth_request: invalid user ansible [preauth]
May 12 16:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Failed password for invalid user ansible from 176.66.119.172 port 38012 ssh2
May 12 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Connection closed by 176.66.119.172 port 38012 [preauth]
May 12 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Invalid user centos from 176.66.119.172
May 12 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: input_userauth_request: invalid user centos [preauth]
May 12 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user root
May 12 16:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for invalid user centos from 176.66.119.172 port 38020 ssh2
May 12 16:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Connection closed by 176.66.119.172 port 38020 [preauth]
May 12 16:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Invalid user a from 176.66.119.172
May 12 16:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: input_userauth_request: invalid user a [preauth]
May 12 16:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Failed password for invalid user a from 176.66.119.172 port 38034 ssh2
May 12 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Connection closed by 176.66.119.172 port 38034 [preauth]
May 12 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Invalid user user from 176.66.119.172
May 12 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: input_userauth_request: invalid user user [preauth]
May 12 16:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Failed password for invalid user user from 176.66.119.172 port 49684 ssh2
May 12 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Connection closed by 176.66.119.172 port 49684 [preauth]
May 12 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Invalid user git from 176.66.119.172
May 12 16:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: input_userauth_request: invalid user git [preauth]
May 12 16:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Failed password for invalid user git from 176.66.119.172 port 49694 ssh2
May 12 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Connection closed by 176.66.119.172 port 49694 [preauth]
May 12 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: Failed password for root from 176.66.119.172 port 49700 ssh2
May 12 16:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: Connection closed by 176.66.119.172 port 49700 [preauth]
May 12 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: Invalid user ubuntu from 176.66.119.172
May 12 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: input_userauth_request: invalid user ubuntu [preauth]
May 12 16:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: Failed password for invalid user ubuntu from 176.66.119.172 port 43430 ssh2
May 12 16:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24021]: Connection closed by 176.66.119.172 port 43430 [preauth]
May 12 16:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: Invalid user ubuntu from 176.66.119.172
May 12 16:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: input_userauth_request: invalid user ubuntu [preauth]
May 12 16:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: Failed password for invalid user ubuntu from 176.66.119.172 port 43444 ssh2
May 12 16:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: Connection closed by 176.66.119.172 port 43444 [preauth]
May 12 16:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Invalid user user2 from 176.66.119.172
May 12 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: input_userauth_request: invalid user user2 [preauth]
May 12 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Failed password for invalid user user2 from 176.66.119.172 port 43450 ssh2
May 12 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Connection closed by 176.66.119.172 port 43450 [preauth]
May 12 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Invalid user user3 from 176.66.119.172
May 12 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: input_userauth_request: invalid user user3 [preauth]
May 12 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Failed password for invalid user user3 from 176.66.119.172 port 45564 ssh2
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Connection closed by 176.66.119.172 port 45564 [preauth]
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24051]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session closed for user p13x
May 12 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24116]: Successful su for rubyman by root
May 12 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24116]: + ??? root:rubyman
May 12 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380008 of user rubyman.
May 12 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24116]: pam_unix(su:session): session closed for user rubyman
May 12 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380008.
May 12 16:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May 12 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Failed password for root from 176.66.119.172 port 45572 ssh2
May 12 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Connection closed by 176.66.119.172 port 45572 [preauth]
May 12 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session closed for user root
May 12 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Invalid user cs2server from 176.66.119.172
May 12 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: input_userauth_request: invalid user cs2server [preauth]
May 12 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May 12 16:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24050]: pam_unix(cron:session): session closed for user samftp
May 12 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Failed password for invalid user cs2server from 176.66.119.172 port 45584 ssh2
May 12 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Connection closed by 176.66.119.172 port 45584 [preauth]
May 12 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user root
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24489]: pam_unix(cron:session): session closed for user p13x
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24556]: Successful su for rubyman by root
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24556]: + ??? root:rubyman
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380011 of user rubyman.
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24556]: pam_unix(su:session): session closed for user rubyman
May 12 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380011.
May 12 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21191]: pam_unix(cron:session): session closed for user root
May 12 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24490]: pam_unix(cron:session): session closed for user samftp
May 12 16:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106  user=root
May 12 16:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Failed password for root from 176.205.243.106 port 57176 ssh2
May 12 16:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Received disconnect from 176.205.243.106 port 57176:11: Bye Bye [preauth]
May 12 16:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Disconnected from 176.205.243.106 port 57176 [preauth]
May 12 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session closed for user root
May 12 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user p13x
May 12 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: Successful su for rubyman by root
May 12 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: + ??? root:rubyman
May 12 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380014 of user rubyman.
May 12 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: pam_unix(su:session): session closed for user rubyman
May 12 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380014.
May 12 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session closed for user root
May 12 16:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session closed for user samftp
May 12 16:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session closed for user root
May 12 16:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Failed password for root from 218.92.0.179 port 53912 ssh2
May 12 16:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 53912 ssh2]
May 12 16:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Received disconnect from 218.92.0.179 port 53912:11:  [preauth]
May 12 16:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Disconnected from 218.92.0.179 port 53912 [preauth]
May 12 16:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25330]: pam_unix(cron:session): session closed for user p13x
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: Successful su for rubyman by root
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: + ??? root:rubyman
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380021 of user rubyman.
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: pam_unix(su:session): session closed for user rubyman
May 12 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380021.
May 12 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session closed for user root
May 12 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user root
May 12 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session closed for user samftp
May 12 16:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Invalid user vagrant from 197.5.145.8
May 12 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: input_userauth_request: invalid user vagrant [preauth]
May 12 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for invalid user vagrant from 197.5.145.8 port 40196 ssh2
May 12 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Received disconnect from 197.5.145.8 port 40196:11: Bye Bye [preauth]
May 12 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Disconnected from 197.5.145.8 port 40196 [preauth]
May 12 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session closed for user root
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25912]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user root
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25910]: pam_unix(cron:session): session closed for user p13x
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: Successful su for rubyman by root
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: + ??? root:rubyman
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380026 of user rubyman.
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: pam_unix(su:session): session closed for user rubyman
May 12 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380026.
May 12 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22889]: pam_unix(cron:session): session closed for user root
May 12 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25912]: pam_unix(cron:session): session closed for user root
May 12 16:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25911]: pam_unix(cron:session): session closed for user samftp
May 12 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session closed for user root
May 12 16:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Invalid user admin from 45.6.188.43
May 12 16:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: input_userauth_request: invalid user admin [preauth]
May 12 16:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Failed password for invalid user admin from 45.6.188.43 port 48152 ssh2
May 12 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Connection closed by 45.6.188.43 port 48152 [preauth]
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26362]: pam_unix(cron:session): session closed for user p13x
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: Successful su for rubyman by root
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: + ??? root:rubyman
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380029 of user rubyman.
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: pam_unix(su:session): session closed for user rubyman
May 12 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380029.
May 12 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session closed for user root
May 12 16:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26363]: pam_unix(cron:session): session closed for user samftp
May 12 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25333]: pam_unix(cron:session): session closed for user root
May 12 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26902]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26899]: pam_unix(cron:session): session closed for user p13x
May 12 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26997]: Successful su for rubyman by root
May 12 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26997]: + ??? root:rubyman
May 12 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380033 of user rubyman.
May 12 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26997]: pam_unix(su:session): session closed for user rubyman
May 12 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380033.
May 12 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24051]: pam_unix(cron:session): session closed for user root
May 12 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26901]: pam_unix(cron:session): session closed for user samftp
May 12 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user root
May 12 16:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Invalid user newuser from 176.205.243.106
May 12 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: input_userauth_request: invalid user newuser [preauth]
May 12 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Failed password for invalid user newuser from 176.205.243.106 port 44834 ssh2
May 12 16:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Received disconnect from 176.205.243.106 port 44834:11: Bye Bye [preauth]
May 12 16:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Disconnected from 176.205.243.106 port 44834 [preauth]
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session closed for user p13x
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: Successful su for rubyman by root
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: + ??? root:rubyman
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380037 of user rubyman.
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: pam_unix(su:session): session closed for user rubyman
May 12 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380037.
May 12 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session closed for user root
May 12 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user samftp
May 12 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26365]: pam_unix(cron:session): session closed for user root
May 12 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Invalid user guest from 80.94.95.125
May 12 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: input_userauth_request: invalid user guest [preauth]
May 12 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 16:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Failed password for invalid user guest from 80.94.95.125 port 48381 ssh2
May 12 16:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Received disconnect from 80.94.95.125 port 48381:11: Bye [preauth]
May 12 16:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Disconnected from 80.94.95.125 port 48381 [preauth]
May 12 16:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Invalid user test1 from 197.5.145.8
May 12 16:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: input_userauth_request: invalid user test1 [preauth]
May 12 16:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user p13x
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27983]: Successful su for rubyman by root
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27983]: + ??? root:rubyman
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380042 of user rubyman.
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27983]: pam_unix(su:session): session closed for user rubyman
May 12 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380042.
May 12 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Failed password for invalid user test1 from 197.5.145.8 port 40197 ssh2
May 12 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Received disconnect from 197.5.145.8 port 40197:11: Bye Bye [preauth]
May 12 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Disconnected from 197.5.145.8 port 40197 [preauth]
May 12 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session closed for user root
May 12 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27918]: pam_unix(cron:session): session closed for user samftp
May 12 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session closed for user root
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session closed for user root
May 12 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session closed for user p13x
May 12 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: Successful su for rubyman by root
May 12 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: + ??? root:rubyman
May 12 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380047 of user rubyman.
May 12 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: pam_unix(su:session): session closed for user rubyman
May 12 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380047.
May 12 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session closed for user root
May 12 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25332]: pam_unix(cron:session): session closed for user root
May 12 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session closed for user samftp
May 12 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session closed for user root
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session closed for user p13x
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: Successful su for rubyman by root
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: + ??? root:rubyman
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380051 of user rubyman.
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: pam_unix(su:session): session closed for user rubyman
May 12 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380051.
May 12 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user root
May 12 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session closed for user samftp
May 12 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session closed for user root
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29303]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29304]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session closed for user p13x
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: Successful su for rubyman by root
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: + ??? root:rubyman
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380058 of user rubyman.
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: pam_unix(su:session): session closed for user rubyman
May 12 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380058.
May 12 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26364]: pam_unix(cron:session): session closed for user root
May 12 16:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session closed for user samftp
May 12 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Invalid user admin from 80.94.95.112
May 12 16:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: input_userauth_request: invalid user admin [preauth]
May 12 16:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 16:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for invalid user admin from 80.94.95.112 port 54329 ssh2
May 12 16:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for invalid user admin from 80.94.95.112 port 54329 ssh2
May 12 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Failed password for root from 218.92.0.215 port 20664 ssh2
May 12 16:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for invalid user admin from 80.94.95.112 port 54329 ssh2
May 12 16:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for invalid user admin from 80.94.95.112 port 54329 ssh2
May 12 16:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Failed password for root from 218.92.0.215 port 20664 ssh2
May 12 16:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for invalid user admin from 80.94.95.112 port 54329 ssh2
May 12 16:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Received disconnect from 80.94.95.112 port 54329:11: Bye [preauth]
May 12 16:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Disconnected from 80.94.95.112 port 54329 [preauth]
May 12 16:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 16:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session closed for user root
May 12 16:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Invalid user admin from 176.205.243.106
May 12 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: input_userauth_request: invalid user admin [preauth]
May 12 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Failed password for invalid user admin from 176.205.243.106 port 36022 ssh2
May 12 16:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Received disconnect from 176.205.243.106 port 36022:11: Bye Bye [preauth]
May 12 16:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Disconnected from 176.205.243.106 port 36022 [preauth]
May 12 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session closed for user p13x
May 12 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29813]: Successful su for rubyman by root
May 12 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29813]: + ??? root:rubyman
May 12 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380060 of user rubyman.
May 12 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29813]: pam_unix(su:session): session closed for user rubyman
May 12 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380060.
May 12 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26902]: pam_unix(cron:session): session closed for user root
May 12 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user samftp
May 12 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 16:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Failed password for root from 193.70.84.184 port 47668 ssh2
May 12 16:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Connection closed by 193.70.84.184 port 47668 [preauth]
May 12 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session closed for user root
May 12 16:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Invalid user devel from 197.5.145.8
May 12 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: input_userauth_request: invalid user devel [preauth]
May 12 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Failed password for invalid user devel from 197.5.145.8 port 40198 ssh2
May 12 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Received disconnect from 197.5.145.8 port 40198:11: Bye Bye [preauth]
May 12 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Disconnected from 197.5.145.8 port 40198 [preauth]
May 12 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30160]: pam_unix(cron:session): session closed for user p13x
May 12 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30219]: Successful su for rubyman by root
May 12 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30219]: + ??? root:rubyman
May 12 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380063 of user rubyman.
May 12 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30219]: pam_unix(su:session): session closed for user rubyman
May 12 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380063.
May 12 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user root
May 12 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session closed for user samftp
May 12 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29304]: pam_unix(cron:session): session closed for user root
May 12 16:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Invalid user fd from 121.74.213.40
May 12 16:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: input_userauth_request: invalid user fd [preauth]
May 12 16:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Failed password for invalid user fd from 121.74.213.40 port 50579 ssh2
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session closed for user root
May 12 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session closed for user p13x
May 12 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: Successful su for rubyman by root
May 12 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: + ??? root:rubyman
May 12 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380068 of user rubyman.
May 12 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: pam_unix(su:session): session closed for user rubyman
May 12 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380068.
May 12 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session closed for user root
May 12 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session closed for user root
May 12 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Connection closed by 121.74.213.40 port 50579 [preauth]
May 12 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session closed for user samftp
May 12 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session closed for user root
May 12 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31120]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31118]: pam_unix(cron:session): session closed for user p13x
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31191]: Successful su for rubyman by root
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31191]: + ??? root:rubyman
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380074 of user rubyman.
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31191]: pam_unix(su:session): session closed for user rubyman
May 12 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380074.
May 12 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session closed for user root
May 12 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31119]: pam_unix(cron:session): session closed for user samftp
May 12 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session closed for user root
May 12 16:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Invalid user df from 121.74.213.40
May 12 16:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: input_userauth_request: invalid user df [preauth]
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31535]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31536]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31533]: pam_unix(cron:session): session closed for user p13x
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31597]: Successful su for rubyman by root
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31597]: + ??? root:rubyman
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380077 of user rubyman.
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31597]: pam_unix(su:session): session closed for user rubyman
May 12 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380077.
May 12 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Failed password for invalid user df from 121.74.213.40 port 50704 ssh2
May 12 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28760]: pam_unix(cron:session): session closed for user root
May 12 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: Invalid user  from 85.198.17.145
May 12 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: input_userauth_request: invalid user  [preauth]
May 12 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31534]: pam_unix(cron:session): session closed for user samftp
May 12 16:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: Connection closed by 85.198.17.145 port 40712 [preauth]
May 12 16:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Failed password for root from 218.92.0.179 port 36209 ssh2
May 12 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36209 ssh2]
May 12 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Received disconnect from 218.92.0.179 port 36209:11:  [preauth]
May 12 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Disconnected from 218.92.0.179 port 36209 [preauth]
May 12 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30589]: pam_unix(cron:session): session closed for user root
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32241]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session closed for user p13x
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: Successful su for rubyman by root
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: + ??? root:rubyman
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380081 of user rubyman.
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session closed for user rubyman
May 12 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380081.
May 12 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Connection closed by 121.74.213.40 port 50704 [preauth]
May 12 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29303]: pam_unix(cron:session): session closed for user root
May 12 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user samftp
May 12 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Invalid user hamza from 176.205.243.106
May 12 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: input_userauth_request: invalid user hamza [preauth]
May 12 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Failed password for invalid user hamza from 176.205.243.106 port 34124 ssh2
May 12 16:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Received disconnect from 176.205.243.106 port 34124:11: Bye Bye [preauth]
May 12 16:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Disconnected from 176.205.243.106 port 34124 [preauth]
May 12 16:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: Invalid user rd from 197.5.145.8
May 12 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: input_userauth_request: invalid user rd [preauth]
May 12 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May 12 16:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: Failed password for invalid user rd from 197.5.145.8 port 40199 ssh2
May 12 16:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: Received disconnect from 197.5.145.8 port 40199:11: Bye Bye [preauth]
May 12 16:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32608]: Disconnected from 197.5.145.8 port 40199 [preauth]
May 12 16:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Invalid user fd from 121.74.213.40
May 12 16:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: input_userauth_request: invalid user fd [preauth]
May 12 16:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 16:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Failed password for invalid user fd from 121.74.213.40 port 50619 ssh2
May 12 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31121]: pam_unix(cron:session): session closed for user root
May 12 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[423]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[420]: pam_unix(cron:session): session closed for user p13x
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[522]: Successful su for rubyman by root
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[522]: + ??? root:rubyman
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380087 of user rubyman.
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[522]: pam_unix(su:session): session closed for user rubyman
May 12 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380087.
May 12 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29758]: pam_unix(cron:session): session closed for user root
May 12 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[422]: pam_unix(cron:session): session closed for user samftp
May 12 16:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31536]: pam_unix(cron:session): session closed for user root
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[908]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[908]: pam_unix(cron:session): session closed for user root
May 12 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user p13x
May 12 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: Successful su for rubyman by root
May 12 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: + ??? root:rubyman
May 12 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380091 of user rubyman.
May 12 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: pam_unix(su:session): session closed for user rubyman
May 12 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380091.
May 12 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session closed for user root
May 12 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session closed for user root
May 12 16:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session closed for user samftp
May 12 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32241]: pam_unix(cron:session): session closed for user root
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1418]: pam_unix(cron:session): session closed for user p13x
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: Successful su for rubyman by root
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: + ??? root:rubyman
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380095 of user rubyman.
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: pam_unix(su:session): session closed for user rubyman
May 12 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380095.
May 12 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30588]: pam_unix(cron:session): session closed for user root
May 12 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session closed for user samftp
May 12 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session closed for user root
May 12 16:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 16:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for root from 80.94.95.125 port 43658 ssh2
May 12 16:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Received disconnect from 80.94.95.125 port 43658:11: Bye [preauth]
May 12 16:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Disconnected from 80.94.95.125 port 43658 [preauth]
May 12 16:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: Invalid user df from 121.74.213.40
May 12 16:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: input_userauth_request: invalid user df [preauth]
May 12 16:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 16:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: Failed password for invalid user df from 121.74.213.40 port 50750 ssh2
May 12 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1955]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1954]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1949]: pam_unix(cron:session): session closed for user p13x
May 12 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: Successful su for rubyman by root
May 12 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: + ??? root:rubyman
May 12 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380099 of user rubyman.
May 12 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: pam_unix(su:session): session closed for user rubyman
May 12 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380099.
May 12 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31120]: pam_unix(cron:session): session closed for user root
May 12 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1952]: pam_unix(cron:session): session closed for user samftp
May 12 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for root from 85.198.17.145 port 41912 ssh2
May 12 16:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Connection closed by 85.198.17.145 port 41912 [preauth]
May 12 16:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Invalid user pi from 85.198.17.145
May 12 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: input_userauth_request: invalid user pi [preauth]
May 12 16:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Failed password for invalid user pi from 85.198.17.145 port 44858 ssh2
May 12 16:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Connection closed by 85.198.17.145 port 44858 [preauth]
May 12 16:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Invalid user hive from 85.198.17.145
May 12 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: input_userauth_request: invalid user hive [preauth]
May 12 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Failed password for invalid user hive from 85.198.17.145 port 44872 ssh2
May 12 16:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Connection closed by 85.198.17.145 port 44872 [preauth]
May 12 16:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Invalid user git from 85.198.17.145
May 12 16:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: input_userauth_request: invalid user git [preauth]
May 12 16:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session closed for user root
May 12 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Failed password for invalid user git from 85.198.17.145 port 58986 ssh2
May 12 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Connection closed by 85.198.17.145 port 58986 [preauth]
May 12 16:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Invalid user wang from 85.198.17.145
May 12 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: input_userauth_request: invalid user wang [preauth]
May 12 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Failed password for invalid user wang from 85.198.17.145 port 58994 ssh2
May 12 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Connection closed by 85.198.17.145 port 58994 [preauth]
May 12 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: Invalid user nginx from 85.198.17.145
May 12 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: input_userauth_request: invalid user nginx [preauth]
May 12 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: Failed password for invalid user nginx from 85.198.17.145 port 50566 ssh2
May 12 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: Connection closed by 85.198.17.145 port 50566 [preauth]
May 12 16:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Invalid user mongo from 85.198.17.145
May 12 16:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: input_userauth_request: invalid user mongo [preauth]
May 12 16:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Failed password for invalid user mongo from 85.198.17.145 port 50574 ssh2
May 12 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Connection closed by 85.198.17.145 port 50574 [preauth]
May 12 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Invalid user user from 85.198.17.145
May 12 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: input_userauth_request: invalid user user [preauth]
May 12 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Failed password for invalid user user from 85.198.17.145 port 45830 ssh2
May 12 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Connection closed by 85.198.17.145 port 45830 [preauth]
May 12 16:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 16:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Invalid user oracle from 85.198.17.145
May 12 16:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: input_userauth_request: invalid user oracle [preauth]
May 12 16:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Failed password for root from 50.235.31.47 port 50954 ssh2
May 12 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Connection closed by 50.235.31.47 port 50954 [preauth]
May 12 16:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Failed password for invalid user oracle from 85.198.17.145 port 45842 ssh2
May 12 16:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Connection closed by 85.198.17.145 port 45842 [preauth]
May 12 16:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Invalid user gpadmin from 85.198.17.145
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: input_userauth_request: invalid user gpadmin [preauth]
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session closed for user p13x
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2512]: Successful su for rubyman by root
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2512]: + ??? root:rubyman
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380104 of user rubyman.
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2512]: pam_unix(su:session): session closed for user rubyman
May 12 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380104.
May 12 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: Failed password for root from 164.68.105.9 port 39486 ssh2
May 12 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: Connection closed by 164.68.105.9 port 39486 [preauth]
May 12 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31535]: pam_unix(cron:session): session closed for user root
May 12 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Failed password for invalid user gpadmin from 85.198.17.145 port 39546 ssh2
May 12 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Connection closed by 85.198.17.145 port 39546 [preauth]
May 12 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session closed for user samftp
May 12 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Failed password for root from 85.198.17.145 port 39548 ssh2
May 12 16:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Connection closed by 85.198.17.145 port 39548 [preauth]
May 12 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: Invalid user esroot from 85.198.17.145
May 12 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: input_userauth_request: invalid user esroot [preauth]
May 12 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: Failed password for invalid user esroot from 85.198.17.145 port 57934 ssh2
May 12 16:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2726]: Connection closed by 85.198.17.145 port 57934 [preauth]
May 12 16:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: Invalid user gitlab from 85.198.17.145
May 12 16:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: input_userauth_request: invalid user gitlab [preauth]
May 12 16:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: Failed password for invalid user gitlab from 85.198.17.145 port 57948 ssh2
May 12 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: Connection closed by 85.198.17.145 port 57948 [preauth]
May 12 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Invalid user user9 from 176.205.243.106
May 12 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: input_userauth_request: invalid user user9 [preauth]
May 12 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Invalid user apache from 85.198.17.145
May 12 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: input_userauth_request: invalid user apache [preauth]
May 12 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Failed password for invalid user user9 from 176.205.243.106 port 56952 ssh2
May 12 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Received disconnect from 176.205.243.106 port 56952:11: Bye Bye [preauth]
May 12 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Disconnected from 176.205.243.106 port 56952 [preauth]
May 12 16:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Failed password for invalid user apache from 85.198.17.145 port 59834 ssh2
May 12 16:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Connection closed by 85.198.17.145 port 59834 [preauth]
May 12 16:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Invalid user dev from 190.103.202.7
May 12 16:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: input_userauth_request: invalid user dev [preauth]
May 12 16:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 16:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Failed password for invalid user dev from 190.103.202.7 port 46232 ssh2
May 12 16:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: Failed password for root from 85.198.17.145 port 59848 ssh2
May 12 16:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Connection closed by 190.103.202.7 port 46232 [preauth]
May 12 16:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: Connection closed by 85.198.17.145 port 59848 [preauth]
May 12 16:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user root
May 12 16:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Failed password for root from 85.198.17.145 port 37906 ssh2
May 12 16:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Connection closed by 85.198.17.145 port 37906 [preauth]
May 12 16:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Invalid user user from 85.198.17.145
May 12 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: input_userauth_request: invalid user user [preauth]
May 12 16:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Failed password for invalid user user from 85.198.17.145 port 37914 ssh2
May 12 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Connection closed by 85.198.17.145 port 37914 [preauth]
May 12 16:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Invalid user lighthouse from 85.198.17.145
May 12 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: input_userauth_request: invalid user lighthouse [preauth]
May 12 16:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Failed password for invalid user lighthouse from 85.198.17.145 port 49638 ssh2
May 12 16:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Connection closed by 85.198.17.145 port 49638 [preauth]
May 12 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Invalid user flask from 85.198.17.145
May 12 16:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: input_userauth_request: invalid user flask [preauth]
May 12 16:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for invalid user flask from 85.198.17.145 port 49644 ssh2
May 12 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Connection closed by 85.198.17.145 port 49644 [preauth]
May 12 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Invalid user user1 from 85.198.17.145
May 12 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: input_userauth_request: invalid user user1 [preauth]
May 12 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Failed password for invalid user user1 from 85.198.17.145 port 50324 ssh2
May 12 16:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Connection closed by 85.198.17.145 port 50324 [preauth]
May 12 16:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Invalid user hadoop from 85.198.17.145
May 12 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: input_userauth_request: invalid user hadoop [preauth]
May 12 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Failed password for invalid user hadoop from 85.198.17.145 port 50336 ssh2
May 12 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Connection closed by 85.198.17.145 port 50336 [preauth]
May 12 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: Invalid user oracle from 85.198.17.145
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: input_userauth_request: invalid user oracle [preauth]
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2916]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2913]: pam_unix(cron:session): session closed for user p13x
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2979]: Successful su for rubyman by root
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2979]: + ??? root:rubyman
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380107 of user rubyman.
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2979]: pam_unix(su:session): session closed for user rubyman
May 12 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380107.
May 12 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: Failed password for invalid user oracle from 85.198.17.145 port 54924 ssh2
May 12 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: Connection closed by 85.198.17.145 port 54924 [preauth]
May 12 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session closed for user root
May 12 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2914]: pam_unix(cron:session): session closed for user samftp
May 12 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Invalid user test from 85.198.17.145
May 12 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: input_userauth_request: invalid user test [preauth]
May 12 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Failed password for invalid user test from 85.198.17.145 port 54930 ssh2
May 12 16:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Connection closed by 85.198.17.145 port 54930 [preauth]
May 12 16:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: Invalid user df from 121.74.213.40
May 12 16:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: input_userauth_request: invalid user df [preauth]
May 12 16:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: Failed password for invalid user df from 121.74.213.40 port 51149 ssh2
May 12 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Failed password for root from 85.198.17.145 port 39636 ssh2
May 12 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Connection closed by 85.198.17.145 port 39636 [preauth]
May 12 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Invalid user developer from 85.198.17.145
May 12 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: input_userauth_request: invalid user developer [preauth]
May 12 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for invalid user developer from 85.198.17.145 port 39650 ssh2
May 12 16:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Connection closed by 85.198.17.145 port 39650 [preauth]
May 12 16:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Failed password for root from 85.198.17.145 port 54992 ssh2
May 12 16:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Connection closed by 85.198.17.145 port 54992 [preauth]
May 12 16:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: Connection closed by 121.74.213.40 port 51149 [preauth]
May 12 16:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: User mysql from 85.198.17.145 not allowed because not listed in AllowUsers
May 12 16:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: input_userauth_request: invalid user mysql [preauth]
May 12 16:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=mysql
May 12 16:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Failed password for invalid user mysql from 85.198.17.145 port 55008 ssh2
May 12 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Connection closed by 85.198.17.145 port 55008 [preauth]
May 12 16:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: Failed password for root from 85.198.17.145 port 36096 ssh2
May 12 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: Connection closed by 85.198.17.145 port 36096 [preauth]
May 12 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1955]: pam_unix(cron:session): session closed for user root
May 12 16:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Invalid user tom from 85.198.17.145
May 12 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: input_userauth_request: invalid user tom [preauth]
May 12 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Failed password for invalid user tom from 85.198.17.145 port 36104 ssh2
May 12 16:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Connection closed by 85.198.17.145 port 36104 [preauth]
May 12 16:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: Failed password for root from 85.198.17.145 port 38822 ssh2
May 12 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: Connection closed by 85.198.17.145 port 38822 [preauth]
May 12 16:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Invalid user oscar from 85.198.17.145
May 12 16:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: input_userauth_request: invalid user oscar [preauth]
May 12 16:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): check pass; user unknown
May 12 16:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 16:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for invalid user oscar from 85.198.17.145 port 38838 ssh2
May 12 16:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Connection closed by 85.198.17.145 port 38838 [preauth]
May 12 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Failed password for root from 85.198.17.145 port 46704 ssh2
May 12 16:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Connection closed by 85.198.17.145 port 46704 [preauth]
May 12 16:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 16:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 16:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: Failed password for root from 85.198.17.145 port 46718 ssh2
May 12 16:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: Connection closed by 85.198.17.145 port 46718 [preauth]
May 12 17:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: Invalid user user1 from 85.198.17.145
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: input_userauth_request: invalid user user1 [preauth]
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user root
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session closed for user root
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session closed for user p13x
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: Successful su for rubyman by root
May 12 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: + ??? root:rubyman
May 12 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380111 of user rubyman.
May 12 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: pam_unix(su:session): session closed for user rubyman
May 12 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380111.
May 12 17:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: Failed password for invalid user user1 from 85.198.17.145 port 36168 ssh2
May 12 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: Connection closed by 85.198.17.145 port 36168 [preauth]
May 12 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[423]: pam_unix(cron:session): session closed for user root
May 12 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session closed for user root
May 12 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session closed for user samftp
May 12 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Failed password for root from 85.198.17.145 port 36170 ssh2
May 12 17:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Connection closed by 85.198.17.145 port 36170 [preauth]
May 12 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: Invalid user flink from 85.198.17.145
May 12 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: input_userauth_request: invalid user flink [preauth]
May 12 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: Failed password for invalid user flink from 85.198.17.145 port 54076 ssh2
May 12 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: Connection closed by 85.198.17.145 port 54076 [preauth]
May 12 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Invalid user apache from 85.198.17.145
May 12 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: input_userauth_request: invalid user apache [preauth]
May 12 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Failed password for invalid user apache from 85.198.17.145 port 54082 ssh2
May 12 17:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Connection closed by 85.198.17.145 port 54082 [preauth]
May 12 17:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Failed password for root from 85.198.17.145 port 44892 ssh2
May 12 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Connection closed by 85.198.17.145 port 44892 [preauth]
May 12 17:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Invalid user nginx from 85.198.17.145
May 12 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: input_userauth_request: invalid user nginx [preauth]
May 12 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Failed password for invalid user nginx from 85.198.17.145 port 44894 ssh2
May 12 17:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Connection closed by 85.198.17.145 port 44894 [preauth]
May 12 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: Invalid user esuser from 85.198.17.145
May 12 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: input_userauth_request: invalid user esuser [preauth]
May 12 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: Failed password for invalid user esuser from 85.198.17.145 port 50076 ssh2
May 12 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3784]: Connection closed by 85.198.17.145 port 50076 [preauth]
May 12 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session closed for user root
May 12 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Failed password for root from 85.198.17.145 port 50082 ssh2
May 12 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Connection closed by 85.198.17.145 port 50082 [preauth]
May 12 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Invalid user git from 85.198.17.145
May 12 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: input_userauth_request: invalid user git [preauth]
May 12 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Failed password for invalid user git from 85.198.17.145 port 33756 ssh2
May 12 17:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Connection closed by 85.198.17.145 port 33756 [preauth]
May 12 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: Invalid user postgres from 85.198.17.145
May 12 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: input_userauth_request: invalid user postgres [preauth]
May 12 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: Failed password for invalid user postgres from 85.198.17.145 port 33770 ssh2
May 12 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3882]: Connection closed by 85.198.17.145 port 33770 [preauth]
May 12 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Invalid user svnuser from 85.198.17.145
May 12 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: input_userauth_request: invalid user svnuser [preauth]
May 12 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Failed password for invalid user svnuser from 85.198.17.145 port 57950 ssh2
May 12 17:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Connection closed by 85.198.17.145 port 57950 [preauth]
May 12 17:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Invalid user dolphinscheduler from 85.198.17.145
May 12 17:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 17:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Failed password for invalid user dolphinscheduler from 85.198.17.145 port 57964 ssh2
May 12 17:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Connection closed by 85.198.17.145 port 57964 [preauth]
May 12 17:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session closed for user p13x
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: Successful su for rubyman by root
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: + ??? root:rubyman
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380118 of user rubyman.
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: pam_unix(su:session): session closed for user rubyman
May 12 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380118.
May 12 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Failed password for root from 85.198.17.145 port 41860 ssh2
May 12 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Connection closed by 85.198.17.145 port 41860 [preauth]
May 12 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: Invalid user plexserver from 85.198.17.145
May 12 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: input_userauth_request: invalid user plexserver [preauth]
May 12 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session closed for user root
May 12 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user samftp
May 12 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: Failed password for invalid user plexserver from 85.198.17.145 port 41876 ssh2
May 12 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: Connection closed by 85.198.17.145 port 41876 [preauth]
May 12 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Invalid user sonar from 85.198.17.145
May 12 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: input_userauth_request: invalid user sonar [preauth]
May 12 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Failed password for invalid user sonar from 85.198.17.145 port 52556 ssh2
May 12 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Connection closed by 85.198.17.145 port 52556 [preauth]
May 12 17:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Invalid user app from 85.198.17.145
May 12 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: input_userauth_request: invalid user app [preauth]
May 12 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Failed password for invalid user app from 85.198.17.145 port 52570 ssh2
May 12 17:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Connection closed by 85.198.17.145 port 52570 [preauth]
May 12 17:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Invalid user tools from 85.198.17.145
May 12 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: input_userauth_request: invalid user tools [preauth]
May 12 17:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Failed password for invalid user tools from 85.198.17.145 port 52610 ssh2
May 12 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Connection closed by 85.198.17.145 port 52610 [preauth]
May 12 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Invalid user lighthouse from 85.198.17.145
May 12 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: input_userauth_request: invalid user lighthouse [preauth]
May 12 17:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Failed password for invalid user lighthouse from 85.198.17.145 port 52618 ssh2
May 12 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Connection closed by 85.198.17.145 port 52618 [preauth]
May 12 17:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: User mysql from 85.198.17.145 not allowed because not listed in AllowUsers
May 12 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: input_userauth_request: invalid user mysql [preauth]
May 12 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=mysql
May 12 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Failed password for invalid user mysql from 85.198.17.145 port 48062 ssh2
May 12 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Connection closed by 85.198.17.145 port 48062 [preauth]
May 12 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2916]: pam_unix(cron:session): session closed for user root
May 12 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Failed password for root from 85.198.17.145 port 48092 ssh2
May 12 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Connection closed by 85.198.17.145 port 48092 [preauth]
May 12 17:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: Invalid user gpadmin from 85.198.17.145
May 12 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: input_userauth_request: invalid user gpadmin [preauth]
May 12 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: Failed password for invalid user gpadmin from 85.198.17.145 port 44614 ssh2
May 12 17:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: Connection closed by 85.198.17.145 port 44614 [preauth]
May 12 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Invalid user oracle from 85.198.17.145
May 12 17:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: input_userauth_request: invalid user oracle [preauth]
May 12 17:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for invalid user oracle from 85.198.17.145 port 44626 ssh2
May 12 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 85.198.17.145 port 44626 [preauth]
May 12 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Failed password for root from 85.198.17.145 port 37294 ssh2
May 12 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Connection closed by 85.198.17.145 port 37294 [preauth]
May 12 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Invalid user www from 85.198.17.145
May 12 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: input_userauth_request: invalid user www [preauth]
May 12 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Failed password for invalid user www from 85.198.17.145 port 37296 ssh2
May 12 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Connection closed by 85.198.17.145 port 37296 [preauth]
May 12 17:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4551]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4552]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session closed for user p13x
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: Successful su for rubyman by root
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: + ??? root:rubyman
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380123 of user rubyman.
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: pam_unix(su:session): session closed for user rubyman
May 12 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380123.
May 12 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Failed password for root from 85.198.17.145 port 39982 ssh2
May 12 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Connection closed by 85.198.17.145 port 39982 [preauth]
May 12 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session closed for user root
May 12 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: Invalid user oscar from 85.198.17.145
May 12 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: input_userauth_request: invalid user oscar [preauth]
May 12 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4550]: pam_unix(cron:session): session closed for user samftp
May 12 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: Failed password for invalid user oscar from 85.198.17.145 port 39984 ssh2
May 12 17:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: Connection closed by 85.198.17.145 port 39984 [preauth]
May 12 17:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: Invalid user test from 85.198.17.145
May 12 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: input_userauth_request: invalid user test [preauth]
May 12 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: Failed password for invalid user test from 85.198.17.145 port 60638 ssh2
May 12 17:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: Connection closed by 85.198.17.145 port 60638 [preauth]
May 12 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: Invalid user admin from 85.198.17.145
May 12 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: input_userauth_request: invalid user admin [preauth]
May 12 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 17:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: Failed password for invalid user admin from 85.198.17.145 port 60652 ssh2
May 12 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: Connection closed by 85.198.17.145 port 60652 [preauth]
May 12 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for root from 218.92.0.209 port 51958 ssh2
May 12 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for root from 218.92.0.209 port 51958 ssh2
May 12 17:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Failed password for root from 85.198.17.145 port 42176 ssh2
May 12 17:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Connection closed by 85.198.17.145 port 42176 [preauth]
May 12 17:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: Invalid user app from 85.198.17.145
May 12 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: input_userauth_request: invalid user app [preauth]
May 12 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for root from 218.92.0.209 port 51958 ssh2
May 12 17:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: Failed password for invalid user app from 85.198.17.145 port 42190 ssh2
May 12 17:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: Connection closed by 85.198.17.145 port 42190 [preauth]
May 12 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for root from 218.92.0.209 port 51958 ssh2
May 12 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: Invalid user elastic from 85.198.17.145
May 12 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: input_userauth_request: invalid user elastic [preauth]
May 12 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for root from 218.92.0.209 port 51958 ssh2
May 12 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 51958 ssh2 [preauth]
May 12 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Disconnecting: Too many authentication failures [preauth]
May 12 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 17:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: Failed password for invalid user elastic from 85.198.17.145 port 39370 ssh2
May 12 17:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4886]: Connection closed by 85.198.17.145 port 39370 [preauth]
May 12 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user root
May 12 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for root from 218.92.0.209 port 26904 ssh2
May 12 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Failed password for root from 85.198.17.145 port 39372 ssh2
May 12 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Connection closed by 85.198.17.145 port 39372 [preauth]
May 12 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Invalid user guest from 85.198.17.145
May 12 17:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: input_userauth_request: invalid user guest [preauth]
May 12 17:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for root from 218.92.0.209 port 26904 ssh2
May 12 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Failed password for invalid user guest from 85.198.17.145 port 52084 ssh2
May 12 17:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Connection closed by 85.198.17.145 port 52084 [preauth]
May 12 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for root from 218.92.0.209 port 26904 ssh2
May 12 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for root from 218.92.0.209 port 26904 ssh2
May 12 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4951]: Failed password for root from 85.198.17.145 port 52088 ssh2
May 12 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4951]: Connection closed by 85.198.17.145 port 52088 [preauth]
May 12 17:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Invalid user sonar from 85.198.17.145
May 12 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: input_userauth_request: invalid user sonar [preauth]
May 12 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for root from 218.92.0.209 port 26904 ssh2
May 12 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Failed password for invalid user sonar from 85.198.17.145 port 41362 ssh2
May 12 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Connection closed by 85.198.17.145 port 41362 [preauth]
May 12 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for root from 218.92.0.209 port 26904 ssh2
May 12 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 26904 ssh2 [preauth]
May 12 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Disconnecting: Too many authentication failures [preauth]
May 12 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 17:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: Invalid user jumpserver from 85.198.17.145
May 12 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: input_userauth_request: invalid user jumpserver [preauth]
May 12 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 17:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: Failed password for invalid user jumpserver from 85.198.17.145 port 41376 ssh2
May 12 17:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: Connection closed by 85.198.17.145 port 41376 [preauth]
May 12 17:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Failed password for root from 218.92.0.209 port 14896 ssh2
May 12 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Received disconnect from 218.92.0.209 port 14896:11:  [preauth]
May 12 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Disconnected from 218.92.0.209 port 14896 [preauth]
May 12 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Invalid user tom from 85.198.17.145
May 12 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: input_userauth_request: invalid user tom [preauth]
May 12 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for invalid user tom from 85.198.17.145 port 57842 ssh2
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 85.198.17.145 port 57842 [preauth]
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5195]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5193]: pam_unix(cron:session): session closed for user p13x
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5265]: Successful su for rubyman by root
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5265]: + ??? root:rubyman
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380126 of user rubyman.
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5265]: pam_unix(su:session): session closed for user rubyman
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380126.
May 12 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1954]: pam_unix(cron:session): session closed for user root
May 12 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Failed password for root from 85.198.17.145 port 57846 ssh2
May 12 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5194]: pam_unix(cron:session): session closed for user samftp
May 12 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Connection closed by 85.198.17.145 port 57846 [preauth]
May 12 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Invalid user git from 85.198.17.145
May 12 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: input_userauth_request: invalid user git [preauth]
May 12 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Failed password for invalid user git from 85.198.17.145 port 51244 ssh2
May 12 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Connection closed by 85.198.17.145 port 51244 [preauth]
May 12 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Invalid user ranger from 85.198.17.145
May 12 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: input_userauth_request: invalid user ranger [preauth]
May 12 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Failed password for invalid user ranger from 85.198.17.145 port 51260 ssh2
May 12 17:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Connection closed by 85.198.17.145 port 51260 [preauth]
May 12 17:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for root from 85.198.17.145 port 36164 ssh2
May 12 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Connection closed by 85.198.17.145 port 36164 [preauth]
May 12 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Invalid user appuser from 85.198.17.145
May 12 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: input_userauth_request: invalid user appuser [preauth]
May 12 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user appuser from 85.198.17.145 port 36186 ssh2
May 12 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Connection closed by 85.198.17.145 port 36186 [preauth]
May 12 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Invalid user tom from 85.198.17.145
May 12 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: input_userauth_request: invalid user tom [preauth]
May 12 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for invalid user tom from 85.198.17.145 port 36198 ssh2
May 12 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Connection closed by 85.198.17.145 port 36198 [preauth]
May 12 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Invalid user anas from 176.205.243.106
May 12 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: input_userauth_request: invalid user anas [preauth]
May 12 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106
May 12 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Failed password for invalid user anas from 176.205.243.106 port 43102 ssh2
May 12 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Received disconnect from 176.205.243.106 port 43102:11: Bye Bye [preauth]
May 12 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Disconnected from 176.205.243.106 port 43102 [preauth]
May 12 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3925]: pam_unix(cron:session): session closed for user root
May 12 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Failed password for root from 85.198.17.145 port 55272 ssh2
May 12 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Connection closed by 85.198.17.145 port 55272 [preauth]
May 12 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Invalid user ubuntu from 85.198.17.145
May 12 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: input_userauth_request: invalid user ubuntu [preauth]
May 12 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Failed password for invalid user ubuntu from 85.198.17.145 port 55284 ssh2
May 12 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Connection closed by 85.198.17.145 port 55284 [preauth]
May 12 17:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Invalid user elsearch from 85.198.17.145
May 12 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: input_userauth_request: invalid user elsearch [preauth]
May 12 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Failed password for invalid user elsearch from 85.198.17.145 port 52172 ssh2
May 12 17:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Connection closed by 85.198.17.145 port 52172 [preauth]
May 12 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Invalid user nginx from 85.198.17.145
May 12 17:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: input_userauth_request: invalid user nginx [preauth]
May 12 17:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Failed password for invalid user nginx from 85.198.17.145 port 52192 ssh2
May 12 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Connection closed by 85.198.17.145 port 52192 [preauth]
May 12 17:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Invalid user rancher from 85.198.17.145
May 12 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: input_userauth_request: invalid user rancher [preauth]
May 12 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Failed password for invalid user rancher from 85.198.17.145 port 52012 ssh2
May 12 17:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Connection closed by 85.198.17.145 port 52012 [preauth]
May 12 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Failed password for root from 85.198.17.145 port 52016 ssh2
May 12 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Connection closed by 85.198.17.145 port 52016 [preauth]
May 12 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5699]: pam_unix(cron:session): session closed for user p13x
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: Successful su for rubyman by root
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: + ??? root:rubyman
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380132 of user rubyman.
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session closed for user rubyman
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380132.
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Invalid user rancher from 85.198.17.145
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: input_userauth_request: invalid user rancher [preauth]
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Failed password for invalid user rancher from 85.198.17.145 port 48954 ssh2
May 12 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5694]: Connection closed by 85.198.17.145 port 48954 [preauth]
May 12 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session closed for user root
May 12 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5700]: pam_unix(cron:session): session closed for user samftp
May 12 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Invalid user es from 85.198.17.145
May 12 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: input_userauth_request: invalid user es [preauth]
May 12 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Failed password for invalid user es from 85.198.17.145 port 48972 ssh2
May 12 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Connection closed by 85.198.17.145 port 48972 [preauth]
May 12 17:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: Failed password for root from 85.198.17.145 port 38888 ssh2
May 12 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: Connection closed by 85.198.17.145 port 38888 [preauth]
May 12 17:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Invalid user user from 85.198.17.145
May 12 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: input_userauth_request: invalid user user [preauth]
May 12 17:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for invalid user user from 85.198.17.145 port 38902 ssh2
May 12 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 85.198.17.145 port 38902 [preauth]
May 12 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Failed password for root from 85.198.17.145 port 34426 ssh2
May 12 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Connection closed by 85.198.17.145 port 34426 [preauth]
May 12 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Invalid user uftp from 85.198.17.145
May 12 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: input_userauth_request: invalid user uftp [preauth]
May 12 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user uftp from 85.198.17.145 port 34428 ssh2
May 12 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Connection closed by 85.198.17.145 port 34428 [preauth]
May 12 17:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Invalid user data from 85.198.17.145
May 12 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: input_userauth_request: invalid user data [preauth]
May 12 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4552]: pam_unix(cron:session): session closed for user root
May 12 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Failed password for invalid user data from 85.198.17.145 port 51434 ssh2
May 12 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Connection closed by 85.198.17.145 port 51434 [preauth]
May 12 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Invalid user bigdata from 85.198.17.145
May 12 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: input_userauth_request: invalid user bigdata [preauth]
May 12 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Failed password for invalid user bigdata from 85.198.17.145 port 51438 ssh2
May 12 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Connection closed by 85.198.17.145 port 51438 [preauth]
May 12 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Invalid user oracle from 85.198.17.145
May 12 17:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: input_userauth_request: invalid user oracle [preauth]
May 12 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Failed password for invalid user oracle from 85.198.17.145 port 57996 ssh2
May 12 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Connection closed by 85.198.17.145 port 57996 [preauth]
May 12 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Invalid user plex from 85.198.17.145
May 12 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: input_userauth_request: invalid user plex [preauth]
May 12 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Failed password for invalid user plex from 85.198.17.145 port 58012 ssh2
May 12 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Connection closed by 85.198.17.145 port 58012 [preauth]
May 12 17:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Invalid user steam from 85.198.17.145
May 12 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: input_userauth_request: invalid user steam [preauth]
May 12 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Failed password for invalid user steam from 85.198.17.145 port 59864 ssh2
May 12 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Connection closed by 85.198.17.145 port 59864 [preauth]
May 12 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: Invalid user esuser from 85.198.17.145
May 12 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: input_userauth_request: invalid user esuser [preauth]
May 12 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: Failed password for invalid user esuser from 85.198.17.145 port 59866 ssh2
May 12 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6212]: Connection closed by 85.198.17.145 port 59866 [preauth]
May 12 17:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Invalid user observer from 85.198.17.145
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: input_userauth_request: invalid user observer [preauth]
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6231]: pam_unix(cron:session): session closed for user root
May 12 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session closed for user p13x
May 12 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6298]: Successful su for rubyman by root
May 12 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6298]: + ??? root:rubyman
May 12 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380134 of user rubyman.
May 12 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6298]: pam_unix(su:session): session closed for user rubyman
May 12 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380134.
May 12 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Failed password for invalid user observer from 85.198.17.145 port 45140 ssh2
May 12 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Connection closed by 85.198.17.145 port 45140 [preauth]
May 12 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session closed for user root
May 12 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2915]: pam_unix(cron:session): session closed for user root
May 12 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Invalid user docker from 85.198.17.145
May 12 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: input_userauth_request: invalid user docker [preauth]
May 12 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session closed for user samftp
May 12 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Failed password for invalid user docker from 85.198.17.145 port 45154 ssh2
May 12 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Connection closed by 85.198.17.145 port 45154 [preauth]
May 12 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Invalid user user from 85.198.17.145
May 12 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: input_userauth_request: invalid user user [preauth]
May 12 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Failed password for invalid user user from 85.198.17.145 port 36678 ssh2
May 12 17:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Connection closed by 85.198.17.145 port 36678 [preauth]
May 12 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Invalid user elastic from 85.198.17.145
May 12 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: input_userauth_request: invalid user elastic [preauth]
May 12 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Failed password for invalid user elastic from 85.198.17.145 port 36692 ssh2
May 12 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Connection closed by 85.198.17.145 port 36692 [preauth]
May 12 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: Invalid user oracle from 85.198.17.145
May 12 17:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: input_userauth_request: invalid user oracle [preauth]
May 12 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: Failed password for invalid user oracle from 85.198.17.145 port 34946 ssh2
May 12 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: Connection closed by 85.198.17.145 port 34946 [preauth]
May 12 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Invalid user postgres from 85.198.17.145
May 12 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: input_userauth_request: invalid user postgres [preauth]
May 12 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Failed password for invalid user postgres from 85.198.17.145 port 34960 ssh2
May 12 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Connection closed by 85.198.17.145 port 34960 [preauth]
May 12 17:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Invalid user ts from 85.198.17.145
May 12 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: input_userauth_request: invalid user ts [preauth]
May 12 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Failed password for invalid user ts from 85.198.17.145 port 57440 ssh2
May 12 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Connection closed by 85.198.17.145 port 57440 [preauth]
May 12 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5196]: pam_unix(cron:session): session closed for user root
May 12 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: Failed password for root from 85.198.17.145 port 57442 ssh2
May 12 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: Connection closed by 85.198.17.145 port 57442 [preauth]
May 12 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: Invalid user ftpuser from 85.198.17.145
May 12 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: input_userauth_request: invalid user ftpuser [preauth]
May 12 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: Failed password for invalid user ftpuser from 85.198.17.145 port 51684 ssh2
May 12 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6618]: Connection closed by 85.198.17.145 port 51684 [preauth]
May 12 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: Invalid user test from 85.198.17.145
May 12 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: input_userauth_request: invalid user test [preauth]
May 12 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: Failed password for invalid user test from 85.198.17.145 port 51696 ssh2
May 12 17:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6645]: Connection closed by 85.198.17.145 port 51696 [preauth]
May 12 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Invalid user gitlab from 85.198.17.145
May 12 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: input_userauth_request: invalid user gitlab [preauth]
May 12 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Failed password for invalid user gitlab from 85.198.17.145 port 38242 ssh2
May 12 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Connection closed by 85.198.17.145 port 38242 [preauth]
May 12 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Invalid user guest from 85.198.17.145
May 12 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: input_userauth_request: invalid user guest [preauth]
May 12 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Failed password for invalid user guest from 85.198.17.145 port 38258 ssh2
May 12 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Connection closed by 85.198.17.145 port 38258 [preauth]
May 12 17:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Invalid user worker from 85.198.17.145
May 12 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: input_userauth_request: invalid user worker [preauth]
May 12 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user p13x
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: Successful su for rubyman by root
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: + ??? root:rubyman
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380141 of user rubyman.
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: pam_unix(su:session): session closed for user rubyman
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380141.
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Failed password for invalid user worker from 85.198.17.145 port 50002 ssh2
May 12 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Connection closed by 85.198.17.145 port 50002 [preauth]
May 12 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for root from 218.92.0.212 port 24282 ssh2
May 12 17:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Invalid user flask from 85.198.17.145
May 12 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: input_userauth_request: invalid user flask [preauth]
May 12 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user root
May 12 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session closed for user samftp
May 12 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for root from 218.92.0.212 port 24282 ssh2
May 12 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for invalid user flask from 85.198.17.145 port 50016 ssh2
May 12 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Connection closed by 85.198.17.145 port 50016 [preauth]
May 12 17:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Invalid user gpuadmin from 85.198.17.145
May 12 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: input_userauth_request: invalid user gpuadmin [preauth]
May 12 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for root from 218.92.0.212 port 24282 ssh2
May 12 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Failed password for invalid user gpuadmin from 85.198.17.145 port 33044 ssh2
May 12 17:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Connection closed by 85.198.17.145 port 33044 [preauth]
May 12 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for root from 218.92.0.212 port 24282 ssh2
May 12 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: Invalid user zabbix from 85.198.17.145
May 12 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: input_userauth_request: invalid user zabbix [preauth]
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for root from 218.92.0.212 port 24282 ssh2
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: error: maximum authentication attempts exceeded for root from 218.92.0.212 port 24282 ssh2 [preauth]
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Disconnecting: Too many authentication failures [preauth]
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 17:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: Failed password for invalid user zabbix from 85.198.17.145 port 33058 ssh2
May 12 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: Connection closed by 85.198.17.145 port 33058 [preauth]
May 12 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: Failed password for root from 85.198.17.145 port 58980 ssh2
May 12 17:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: Connection closed by 85.198.17.145 port 58980 [preauth]
May 12 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: Invalid user flask from 85.198.17.145
May 12 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: input_userauth_request: invalid user flask [preauth]
May 12 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: Failed password for invalid user flask from 85.198.17.145 port 58984 ssh2
May 12 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: Connection closed by 85.198.17.145 port 58984 [preauth]
May 12 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: Invalid user gitlab from 85.198.17.145
May 12 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: input_userauth_request: invalid user gitlab [preauth]
May 12 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: Failed password for invalid user gitlab from 85.198.17.145 port 56968 ssh2
May 12 17:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: Connection closed by 85.198.17.145 port 56968 [preauth]
May 12 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session closed for user root
May 12 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: Invalid user testuser from 85.198.17.145
May 12 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: input_userauth_request: invalid user testuser [preauth]
May 12 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: Failed password for invalid user testuser from 85.198.17.145 port 56972 ssh2
May 12 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: Connection closed by 85.198.17.145 port 56972 [preauth]
May 12 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Invalid user postgres from 85.198.17.145
May 12 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: input_userauth_request: invalid user postgres [preauth]
May 12 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May 12 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Failed password for invalid user postgres from 85.198.17.145 port 52468 ssh2
May 12 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Connection closed by 85.198.17.145 port 52468 [preauth]
May 12 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for root from 218.92.0.212 port 47582 ssh2
May 12 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Invalid user jenkins from 85.198.17.145
May 12 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: input_userauth_request: invalid user jenkins [preauth]
May 12 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for root from 218.92.0.212 port 47582 ssh2
May 12 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Failed password for invalid user jenkins from 85.198.17.145 port 52480 ssh2
May 12 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Connection closed by 85.198.17.145 port 52480 [preauth]
May 12 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for root from 218.92.0.212 port 47582 ssh2
May 12 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: Failed password for root from 85.198.17.145 port 44118 ssh2
May 12 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for root from 218.92.0.212 port 47582 ssh2
May 12 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: Connection closed by 85.198.17.145 port 44118 [preauth]
May 12 17:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Invalid user admin from 85.198.17.145
May 12 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: input_userauth_request: invalid user admin [preauth]
May 12 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Failed password for invalid user admin from 85.198.17.145 port 44130 ssh2
May 12 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Connection closed by 85.198.17.145 port 44130 [preauth]
May 12 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Invalid user weblogic from 85.198.17.145
May 12 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: input_userauth_request: invalid user weblogic [preauth]
May 12 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Failed password for invalid user weblogic from 85.198.17.145 port 60532 ssh2
May 12 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Connection closed by 85.198.17.145 port 60532 [preauth]
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session closed for user p13x
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7310]: Successful su for rubyman by root
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7310]: + ??? root:rubyman
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380144 of user rubyman.
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7310]: pam_unix(su:session): session closed for user rubyman
May 12 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380144.
May 12 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Invalid user centos from 85.198.17.145
May 12 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: input_userauth_request: invalid user centos [preauth]
May 12 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user root
May 12 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for invalid user centos from 85.198.17.145 port 60548 ssh2
May 12 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Connection closed by 85.198.17.145 port 60548 [preauth]
May 12 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session closed for user samftp
May 12 17:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Invalid user steam from 85.198.17.145
May 12 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: input_userauth_request: invalid user steam [preauth]
May 12 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Failed password for invalid user steam from 85.198.17.145 port 59810 ssh2
May 12 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Connection closed by 85.198.17.145 port 59810 [preauth]
May 12 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Invalid user test from 85.198.17.145
May 12 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: input_userauth_request: invalid user test [preauth]
May 12 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Failed password for invalid user test from 85.198.17.145 port 59824 ssh2
May 12 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Connection closed by 85.198.17.145 port 59824 [preauth]
May 12 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: Invalid user test from 85.198.17.145
May 12 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: input_userauth_request: invalid user test [preauth]
May 12 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: Failed password for invalid user test from 85.198.17.145 port 44896 ssh2
May 12 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: Connection closed by 85.198.17.145 port 44896 [preauth]
May 12 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: Failed password for root from 85.198.17.145 port 44902 ssh2
May 12 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: Connection closed by 85.198.17.145 port 44902 [preauth]
May 12 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Invalid user centos from 85.198.17.145
May 12 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: input_userauth_request: invalid user centos [preauth]
May 12 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Failed password for invalid user centos from 85.198.17.145 port 44918 ssh2
May 12 17:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Connection closed by 85.198.17.145 port 44918 [preauth]
May 12 17:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Invalid user tomcat from 85.198.17.145
May 12 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: input_userauth_request: invalid user tomcat [preauth]
May 12 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Failed password for invalid user tomcat from 85.198.17.145 port 35786 ssh2
May 12 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6229]: pam_unix(cron:session): session closed for user root
May 12 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Connection closed by 85.198.17.145 port 35786 [preauth]
May 12 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: User mysql from 85.198.17.145 not allowed because not listed in AllowUsers
May 12 17:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: input_userauth_request: invalid user mysql [preauth]
May 12 17:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=mysql
May 12 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Failed password for invalid user mysql from 85.198.17.145 port 35804 ssh2
May 12 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Connection closed by 85.198.17.145 port 35804 [preauth]
May 12 17:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7732]: Failed password for root from 85.198.17.145 port 60250 ssh2
May 12 17:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7732]: Connection closed by 85.198.17.145 port 60250 [preauth]
May 12 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Failed password for root from 85.198.17.145 port 60252 ssh2
May 12 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Connection closed by 85.198.17.145 port 60252 [preauth]
May 12 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Invalid user zabbix from 85.198.17.145
May 12 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: input_userauth_request: invalid user zabbix [preauth]
May 12 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Failed password for invalid user zabbix from 85.198.17.145 port 59998 ssh2
May 12 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Connection closed by 85.198.17.145 port 59998 [preauth]
May 12 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Invalid user kubernetes from 85.198.17.145
May 12 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: input_userauth_request: invalid user kubernetes [preauth]
May 12 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Failed password for invalid user kubernetes from 85.198.17.145 port 60014 ssh2
May 12 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Connection closed by 85.198.17.145 port 60014 [preauth]
May 12 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Invalid user observer from 85.198.17.145
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: input_userauth_request: invalid user observer [preauth]
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7800]: pam_unix(cron:session): session closed for user p13x
May 12 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7864]: Successful su for rubyman by root
May 12 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7864]: + ??? root:rubyman
May 12 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380149 of user rubyman.
May 12 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7864]: pam_unix(su:session): session closed for user rubyman
May 12 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380149.
May 12 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Failed password for invalid user observer from 85.198.17.145 port 33870 ssh2
May 12 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Connection closed by 85.198.17.145 port 33870 [preauth]
May 12 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4551]: pam_unix(cron:session): session closed for user root
May 12 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Invalid user hadoop from 85.198.17.145
May 12 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: input_userauth_request: invalid user hadoop [preauth]
May 12 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7803]: pam_unix(cron:session): session closed for user samftp
May 12 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Failed password for invalid user hadoop from 85.198.17.145 port 33872 ssh2
May 12 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Invalid user onlyfans from 121.74.213.40
May 12 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: input_userauth_request: invalid user onlyfans [preauth]
May 12 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Connection closed by 85.198.17.145 port 33872 [preauth]
May 12 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: Invalid user bot from 85.198.17.145
May 12 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: input_userauth_request: invalid user bot [preauth]
May 12 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Failed password for invalid user onlyfans from 121.74.213.40 port 51575 ssh2
May 12 17:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: Failed password for invalid user bot from 85.198.17.145 port 42706 ssh2
May 12 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: Connection closed by 85.198.17.145 port 42706 [preauth]
May 12 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: Invalid user debianuser from 85.198.17.145
May 12 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: input_userauth_request: invalid user debianuser [preauth]
May 12 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: Failed password for invalid user debianuser from 85.198.17.145 port 42712 ssh2
May 12 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8084]: Connection closed by 85.198.17.145 port 42712 [preauth]
May 12 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Invalid user ranger from 85.198.17.145
May 12 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: input_userauth_request: invalid user ranger [preauth]
May 12 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for invalid user ranger from 85.198.17.145 port 49320 ssh2
May 12 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 85.198.17.145 port 49320 [preauth]
May 12 17:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: Invalid user oracle from 85.198.17.145
May 12 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: input_userauth_request: invalid user oracle [preauth]
May 12 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: Failed password for invalid user oracle from 85.198.17.145 port 49328 ssh2
May 12 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: Connection closed by 85.198.17.145 port 49328 [preauth]
May 12 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: User ftp from 85.198.17.145 not allowed because not listed in AllowUsers
May 12 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: input_userauth_request: invalid user ftp [preauth]
May 12 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=ftp
May 12 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Failed password for invalid user ftp from 85.198.17.145 port 33476 ssh2
May 12 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Connection closed by 85.198.17.145 port 33476 [preauth]
May 12 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session closed for user root
May 12 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Invalid user elastic from 85.198.17.145
May 12 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: input_userauth_request: invalid user elastic [preauth]
May 12 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user elastic from 85.198.17.145 port 33488 ssh2
May 12 17:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Connection closed by 85.198.17.145 port 33488 [preauth]
May 12 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.205.243.106  user=root
May 12 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8193]: Failed password for root from 85.198.17.145 port 58358 ssh2
May 12 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8193]: Connection closed by 85.198.17.145 port 58358 [preauth]
May 12 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Failed password for root from 176.205.243.106 port 41966 ssh2
May 12 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Received disconnect from 176.205.243.106 port 41966:11: Bye Bye [preauth]
May 12 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Disconnected from 176.205.243.106 port 41966 [preauth]
May 12 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Invalid user admin from 85.198.17.145
May 12 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: input_userauth_request: invalid user admin [preauth]
May 12 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Failed password for invalid user admin from 85.198.17.145 port 58360 ssh2
May 12 17:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Connection closed by 85.198.17.145 port 58360 [preauth]
May 12 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: Invalid user default from 85.198.17.145
May 12 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: input_userauth_request: invalid user default [preauth]
May 12 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: Failed password for invalid user default from 85.198.17.145 port 42920 ssh2
May 12 17:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: Connection closed by 85.198.17.145 port 42920 [preauth]
May 12 17:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Invalid user tomcat from 85.198.17.145
May 12 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: input_userauth_request: invalid user tomcat [preauth]
May 12 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Failed password for invalid user tomcat from 85.198.17.145 port 42924 ssh2
May 12 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Connection closed by 85.198.17.145 port 42924 [preauth]
May 12 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Invalid user gitlab from 85.198.17.145
May 12 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: input_userauth_request: invalid user gitlab [preauth]
May 12 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user p13x
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Failed password for invalid user gitlab from 85.198.17.145 port 44548 ssh2
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: Successful su for rubyman by root
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: + ??? root:rubyman
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380153 of user rubyman.
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: pam_unix(su:session): session closed for user rubyman
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380153.
May 12 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Connection closed by 85.198.17.145 port 44548 [preauth]
May 12 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8257]: pam_unix(cron:session): session closed for user root
May 12 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5195]: pam_unix(cron:session): session closed for user root
May 12 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: Failed password for root from 85.198.17.145 port 44550 ssh2
May 12 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: Connection closed by 85.198.17.145 port 44550 [preauth]
May 12 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user samftp
May 12 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: Invalid user hadoop from 85.198.17.145
May 12 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: input_userauth_request: invalid user hadoop [preauth]
May 12 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: Failed password for invalid user hadoop from 85.198.17.145 port 38910 ssh2
May 12 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8617]: Connection closed by 85.198.17.145 port 38910 [preauth]
May 12 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: Invalid user tools from 85.198.17.145
May 12 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: input_userauth_request: invalid user tools [preauth]
May 12 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: Failed password for invalid user tools from 85.198.17.145 port 38918 ssh2
May 12 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: Connection closed by 85.198.17.145 port 38918 [preauth]
May 12 17:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Invalid user admin from 85.198.17.145
May 12 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: input_userauth_request: invalid user admin [preauth]
May 12 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Failed password for invalid user admin from 85.198.17.145 port 43456 ssh2
May 12 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Connection closed by 85.198.17.145 port 43456 [preauth]
May 12 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Invalid user www from 85.198.17.145
May 12 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: input_userauth_request: invalid user www [preauth]
May 12 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Failed password for invalid user www from 85.198.17.145 port 43470 ssh2
May 12 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Connection closed by 85.198.17.145 port 43470 [preauth]
May 12 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Failed password for root from 85.198.17.145 port 43478 ssh2
May 12 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 85.198.17.145 port 43478 [preauth]
May 12 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session closed for user root
May 12 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Failed password for root from 85.198.17.145 port 46578 ssh2
May 12 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Connection closed by 85.198.17.145 port 46578 [preauth]
May 12 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Invalid user es from 85.198.17.145
May 12 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: input_userauth_request: invalid user es [preauth]
May 12 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Failed password for root from 80.94.95.125 port 53151 ssh2
May 12 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Received disconnect from 80.94.95.125 port 53151:11: Bye [preauth]
May 12 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Disconnected from 80.94.95.125 port 53151 [preauth]
May 12 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Failed password for invalid user es from 85.198.17.145 port 46582 ssh2
May 12 17:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Connection closed by 85.198.17.145 port 46582 [preauth]
May 12 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Connection closed by 121.74.213.40 port 51575 [preauth]
May 12 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Failed password for root from 85.198.17.145 port 54944 ssh2
May 12 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Connection closed by 85.198.17.145 port 54944 [preauth]
May 12 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: Invalid user oracle from 85.198.17.145
May 12 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: input_userauth_request: invalid user oracle [preauth]
May 12 17:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: Failed password for invalid user oracle from 85.198.17.145 port 54952 ssh2
May 12 17:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: Connection closed by 85.198.17.145 port 54952 [preauth]
May 12 17:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: Invalid user uftp from 85.198.17.145
May 12 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: input_userauth_request: invalid user uftp [preauth]
May 12 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: Failed password for invalid user uftp from 85.198.17.145 port 44560 ssh2
May 12 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8781]: Connection closed by 85.198.17.145 port 44560 [preauth]
May 12 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Invalid user flink from 85.198.17.145
May 12 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: input_userauth_request: invalid user flink [preauth]
May 12 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Invalid user df from 121.74.213.40
May 12 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: input_userauth_request: invalid user df [preauth]
May 12 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Failed password for invalid user flink from 85.198.17.145 port 44562 ssh2
May 12 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Connection closed by 85.198.17.145 port 44562 [preauth]
May 12 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 17:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Failed password for invalid user df from 121.74.213.40 port 50594 ssh2
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session closed for user root
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session closed for user p13x
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Invalid user gitlab-runner from 85.198.17.145
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8882]: Successful su for rubyman by root
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8882]: + ??? root:rubyman
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380161 of user rubyman.
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8882]: pam_unix(su:session): session closed for user rubyman
May 12 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380161.
May 12 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user gitlab-runner from 85.198.17.145 port 51656 ssh2
May 12 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Connection closed by 85.198.17.145 port 51656 [preauth]
May 12 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session closed for user root
May 12 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session closed for user root
May 12 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Invalid user es from 85.198.17.145
May 12 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: input_userauth_request: invalid user es [preauth]
May 12 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session closed for user samftp
May 12 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Failed password for invalid user es from 85.198.17.145 port 51674 ssh2
May 12 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Connection closed by 85.198.17.145 port 51674 [preauth]
May 12 17:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Invalid user oracle from 85.198.17.145
May 12 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: input_userauth_request: invalid user oracle [preauth]
May 12 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for invalid user oracle from 85.198.17.145 port 54700 ssh2
May 12 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Connection closed by 85.198.17.145 port 54700 [preauth]
May 12 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Invalid user ubnt from 85.198.17.145
May 12 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: input_userauth_request: invalid user ubnt [preauth]
May 12 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Failed password for invalid user ubnt from 85.198.17.145 port 54702 ssh2
May 12 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Connection closed by 85.198.17.145 port 54702 [preauth]
May 12 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: Invalid user nvidia from 85.198.17.145
May 12 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: input_userauth_request: invalid user nvidia [preauth]
May 12 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: Failed password for invalid user nvidia from 85.198.17.145 port 57014 ssh2
May 12 17:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: Connection closed by 85.198.17.145 port 57014 [preauth]
May 12 17:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: Failed password for root from 85.198.17.145 port 57018 ssh2
May 12 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: Connection closed by 85.198.17.145 port 57018 [preauth]
May 12 17:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Failed password for root from 85.198.17.145 port 51246 ssh2
May 12 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Connection closed by 85.198.17.145 port 51246 [preauth]
May 12 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session closed for user root
May 12 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Invalid user developer from 85.198.17.145
May 12 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: input_userauth_request: invalid user developer [preauth]
May 12 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Failed password for invalid user developer from 85.198.17.145 port 51264 ssh2
May 12 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Connection closed by 85.198.17.145 port 51264 [preauth]
May 12 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: Failed password for root from 85.198.17.145 port 44664 ssh2
May 12 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: Connection closed by 85.198.17.145 port 44664 [preauth]
May 12 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Connection closed by 172.105.128.12 port 51760 [preauth]
May 12 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: User ftp from 85.198.17.145 not allowed because not listed in AllowUsers
May 12 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: input_userauth_request: invalid user ftp [preauth]
May 12 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=ftp
May 12 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: Connection closed by 172.105.128.12 port 51768 [preauth]
May 12 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: fatal: Unable to negotiate with 172.105.128.12 port 51794: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May 12 17:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Failed password for invalid user ftp from 85.198.17.145 port 44674 ssh2
May 12 17:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Connection closed by 85.198.17.145 port 44674 [preauth]
May 12 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: Invalid user mongodb from 85.198.17.145
May 12 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: input_userauth_request: invalid user mongodb [preauth]
May 12 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: Failed password for invalid user mongodb from 85.198.17.145 port 59052 ssh2
May 12 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: Connection closed by 85.198.17.145 port 59052 [preauth]
May 12 17:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Invalid user mongodb from 85.198.17.145
May 12 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: input_userauth_request: invalid user mongodb [preauth]
May 12 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Failed password for invalid user mongodb from 85.198.17.145 port 59058 ssh2
May 12 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Connection closed by 85.198.17.145 port 59058 [preauth]
May 12 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Invalid user app from 85.198.17.145
May 12 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: input_userauth_request: invalid user app [preauth]
May 12 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9403]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9402]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session closed for user p13x
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: Successful su for rubyman by root
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: + ??? root:rubyman
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380163 of user rubyman.
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: pam_unix(su:session): session closed for user rubyman
May 12 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380163.
May 12 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for invalid user app from 85.198.17.145 port 50844 ssh2
May 12 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Connection closed by 85.198.17.145 port 50844 [preauth]
May 12 17:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session closed for user root
May 12 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9401]: pam_unix(cron:session): session closed for user samftp
May 12 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Failed password for root from 85.198.17.145 port 50850 ssh2
May 12 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Connection closed by 85.198.17.145 port 50850 [preauth]
May 12 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: Invalid user www from 85.198.17.145
May 12 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: input_userauth_request: invalid user www [preauth]
May 12 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: Failed password for invalid user www from 85.198.17.145 port 43136 ssh2
May 12 17:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: Connection closed by 85.198.17.145 port 43136 [preauth]
May 12 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Invalid user sonar from 85.198.17.145
May 12 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: input_userauth_request: invalid user sonar [preauth]
May 12 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user sonar from 85.198.17.145 port 43148 ssh2
May 12 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Connection closed by 85.198.17.145 port 43148 [preauth]
May 12 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Invalid user elasticsearch from 85.198.17.145
May 12 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Failed password for invalid user elasticsearch from 85.198.17.145 port 52606 ssh2
May 12 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Connection closed by 85.198.17.145 port 52606 [preauth]
May 12 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Invalid user docker from 85.198.17.145
May 12 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: input_userauth_request: invalid user docker [preauth]
May 12 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Failed password for invalid user docker from 85.198.17.145 port 52612 ssh2
May 12 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Connection closed by 85.198.17.145 port 52612 [preauth]
May 12 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for root from 85.198.17.145 port 60378 ssh2
May 12 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Connection closed by 85.198.17.145 port 60378 [preauth]
May 12 17:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Invalid user postgres from 85.198.17.145
May 12 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: input_userauth_request: invalid user postgres [preauth]
May 12 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session closed for user root
May 12 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Failed password for invalid user postgres from 85.198.17.145 port 60392 ssh2
May 12 17:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Connection closed by 85.198.17.145 port 60392 [preauth]
May 12 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Invalid user dev from 85.198.17.145
May 12 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: input_userauth_request: invalid user dev [preauth]
May 12 17:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Failed password for invalid user dev from 85.198.17.145 port 60402 ssh2
May 12 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Connection closed by 85.198.17.145 port 60402 [preauth]
May 12 17:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Invalid user guest from 85.198.17.145
May 12 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: input_userauth_request: invalid user guest [preauth]
May 12 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Failed password for invalid user guest from 85.198.17.145 port 46576 ssh2
May 12 17:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Connection closed by 85.198.17.145 port 46576 [preauth]
May 12 17:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Invalid user tomcat from 85.198.17.145
May 12 17:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: input_userauth_request: invalid user tomcat [preauth]
May 12 17:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Failed password for invalid user tomcat from 85.198.17.145 port 46580 ssh2
May 12 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Connection closed by 85.198.17.145 port 46580 [preauth]
May 12 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Invalid user elsearch from 85.198.17.145
May 12 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: input_userauth_request: invalid user elsearch [preauth]
May 12 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user elsearch from 85.198.17.145 port 53956 ssh2
May 12 17:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Connection closed by 85.198.17.145 port 53956 [preauth]
May 12 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Invalid user git from 85.198.17.145
May 12 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: input_userauth_request: invalid user git [preauth]
May 12 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for invalid user git from 85.198.17.145 port 53968 ssh2
May 12 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Connection closed by 85.198.17.145 port 53968 [preauth]
May 12 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session closed for user p13x
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Invalid user vagrant from 85.198.17.145
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: input_userauth_request: invalid user vagrant [preauth]
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9900]: Successful su for rubyman by root
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9900]: + ??? root:rubyman
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380167 of user rubyman.
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9900]: pam_unix(su:session): session closed for user rubyman
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380167.
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Failed password for invalid user vagrant from 85.198.17.145 port 53630 ssh2
May 12 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Connection closed by 85.198.17.145 port 53630 [preauth]
May 12 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session closed for user root
May 12 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session closed for user samftp
May 12 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Invalid user esuser from 85.198.17.145
May 12 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: input_userauth_request: invalid user esuser [preauth]
May 12 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for invalid user esuser from 85.198.17.145 port 53632 ssh2
May 12 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection closed by 85.198.17.145 port 53632 [preauth]
May 12 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Invalid user ftpuser from 85.198.17.145
May 12 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: input_userauth_request: invalid user ftpuser [preauth]
May 12 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Failed password for invalid user ftpuser from 85.198.17.145 port 42740 ssh2
May 12 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Connection closed by 85.198.17.145 port 42740 [preauth]
May 12 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Invalid user esuser from 85.198.17.145
May 12 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: input_userauth_request: invalid user esuser [preauth]
May 12 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Failed password for invalid user esuser from 85.198.17.145 port 42746 ssh2
May 12 17:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Connection closed by 85.198.17.145 port 42746 [preauth]
May 12 17:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Failed password for root from 85.198.17.145 port 33926 ssh2
May 12 17:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Connection closed by 85.198.17.145 port 33926 [preauth]
May 12 17:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Invalid user daniel from 121.74.213.40
May 12 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: input_userauth_request: invalid user daniel [preauth]
May 12 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Invalid user worker from 85.198.17.145
May 12 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: input_userauth_request: invalid user worker [preauth]
May 12 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user worker from 85.198.17.145 port 33934 ssh2
May 12 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Connection closed by 85.198.17.145 port 33934 [preauth]
May 12 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Failed password for invalid user daniel from 121.74.213.40 port 50706 ssh2
May 12 17:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Invalid user ftpuser from 85.198.17.145
May 12 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: input_userauth_request: invalid user ftpuser [preauth]
May 12 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for invalid user ftpuser from 85.198.17.145 port 52904 ssh2
May 12 17:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 85.198.17.145 port 52904 [preauth]
May 12 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session closed for user root
May 12 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Invalid user admin from 85.198.17.145
May 12 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: input_userauth_request: invalid user admin [preauth]
May 12 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Invalid user ftptest from 185.93.89.118
May 12 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: input_userauth_request: invalid user ftptest [preauth]
May 12 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Failed password for invalid user admin from 85.198.17.145 port 52920 ssh2
May 12 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Connection closed by 85.198.17.145 port 52920 [preauth]
May 12 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for invalid user ftptest from 185.93.89.118 port 41566 ssh2
May 12 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Invalid user steam from 85.198.17.145
May 12 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: input_userauth_request: invalid user steam [preauth]
May 12 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Connection closed by 185.93.89.118 port 41566 [preauth]
May 12 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Failed password for invalid user steam from 85.198.17.145 port 41508 ssh2
May 12 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Connection closed by 85.198.17.145 port 41508 [preauth]
May 12 17:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Invalid user es from 85.198.17.145
May 12 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: input_userauth_request: invalid user es [preauth]
May 12 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Failed password for invalid user es from 85.198.17.145 port 41524 ssh2
May 12 17:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Connection closed by 85.198.17.145 port 41524 [preauth]
May 12 17:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: Failed password for root from 85.198.17.145 port 36070 ssh2
May 12 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Invalid user ftptest1 from 185.93.89.118
May 12 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: input_userauth_request: invalid user ftptest1 [preauth]
May 12 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: Connection closed by 85.198.17.145 port 36070 [preauth]
May 12 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Failed password for invalid user ftptest1 from 185.93.89.118 port 8004 ssh2
May 12 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: Invalid user deploy from 85.198.17.145
May 12 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: input_userauth_request: invalid user deploy [preauth]
May 12 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Connection closed by 185.93.89.118 port 8004 [preauth]
May 12 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: Failed password for invalid user deploy from 85.198.17.145 port 36086 ssh2
May 12 17:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: Connection closed by 85.198.17.145 port 36086 [preauth]
May 12 17:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Invalid user demo from 85.198.17.145
May 12 17:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: input_userauth_request: invalid user demo [preauth]
May 12 17:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Failed password for invalid user demo from 85.198.17.145 port 52968 ssh2
May 12 17:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Connection closed by 85.198.17.145 port 52968 [preauth]
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10361]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session closed for user p13x
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: Successful su for rubyman by root
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: + ??? root:rubyman
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380173 of user rubyman.
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: pam_unix(su:session): session closed for user rubyman
May 12 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380173.
May 12 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Invalid user ftpmedia from 185.93.89.118
May 12 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: input_userauth_request: invalid user ftpmedia [preauth]
May 12 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: Invalid user deploy from 85.198.17.145
May 12 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: input_userauth_request: invalid user deploy [preauth]
May 12 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Failed password for invalid user ftpmedia from 185.93.89.118 port 58866 ssh2
May 12 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session closed for user root
May 12 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: Failed password for invalid user deploy from 85.198.17.145 port 52974 ssh2
May 12 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10476]: Connection closed by 85.198.17.145 port 52974 [preauth]
May 12 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Connection closed by 185.93.89.118 port 58866 [preauth]
May 12 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10359]: pam_unix(cron:session): session closed for user samftp
May 12 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Invalid user dev from 85.198.17.145
May 12 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: input_userauth_request: invalid user dev [preauth]
May 12 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Failed password for invalid user dev from 85.198.17.145 port 55716 ssh2
May 12 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Connection closed by 85.198.17.145 port 55716 [preauth]
May 12 17:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Invalid user oscar from 85.198.17.145
May 12 17:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: input_userauth_request: invalid user oscar [preauth]
May 12 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Failed password for invalid user oscar from 85.198.17.145 port 55730 ssh2
May 12 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Invalid user ftpdown from 185.93.89.118
May 12 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: input_userauth_request: invalid user ftpdown [preauth]
May 12 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Connection closed by 85.198.17.145 port 55730 [preauth]
May 12 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for invalid user ftpdown from 185.93.89.118 port 33248 ssh2
May 12 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: Invalid user dolphinscheduler from 85.198.17.145
May 12 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 185.93.89.118 port 33248 [preauth]
May 12 17:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: Failed password for invalid user dolphinscheduler from 85.198.17.145 port 55746 ssh2
May 12 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: Connection closed by 85.198.17.145 port 55746 [preauth]
May 12 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user pi from 85.198.17.145
May 12 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user pi [preauth]
May 12 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user pi from 85.198.17.145 port 35158 ssh2
May 12 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Connection closed by 85.198.17.145 port 35158 [preauth]
May 12 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Invalid user dev from 85.198.17.145
May 12 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: input_userauth_request: invalid user dev [preauth]
May 12 17:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Failed password for invalid user dev from 85.198.17.145 port 35172 ssh2
May 12 17:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Connection closed by 85.198.17.145 port 35172 [preauth]
May 12 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Invalid user ftpuser1 from 185.93.89.118
May 12 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: input_userauth_request: invalid user ftpuser1 [preauth]
May 12 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 17:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Invalid user oceanbase from 85.198.17.145
May 12 17:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: input_userauth_request: invalid user oceanbase [preauth]
May 12 17:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Failed password for invalid user ftpuser1 from 185.93.89.118 port 29216 ssh2
May 12 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9403]: pam_unix(cron:session): session closed for user root
May 12 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for invalid user oceanbase from 85.198.17.145 port 43164 ssh2
May 12 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 85.198.17.145 port 43164 [preauth]
May 12 17:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Connection closed by 185.93.89.118 port 29216 [preauth]
May 12 17:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Invalid user lighthouse from 85.198.17.145
May 12 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: input_userauth_request: invalid user lighthouse [preauth]
May 12 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Failed password for invalid user lighthouse from 85.198.17.145 port 43176 ssh2
May 12 17:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Connection closed by 85.198.17.145 port 43176 [preauth]
May 12 17:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Failed password for root from 85.198.17.145 port 35738 ssh2
May 12 17:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Connection closed by 85.198.17.145 port 35738 [preauth]
May 12 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: Failed password for root from 85.198.17.145 port 35752 ssh2
May 12 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: Connection closed by 85.198.17.145 port 35752 [preauth]
May 12 17:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Failed password for root from 85.198.17.145 port 55264 ssh2
May 12 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Connection closed by 85.198.17.145 port 55264 [preauth]
May 12 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: Failed password for root from 85.198.17.145 port 55274 ssh2
May 12 17:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: Connection closed by 85.198.17.145 port 55274 [preauth]
May 12 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Invalid user user from 85.198.17.145
May 12 17:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: input_userauth_request: invalid user user [preauth]
May 12 17:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10874]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10872]: pam_unix(cron:session): session closed for user p13x
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10931]: Successful su for rubyman by root
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10931]: + ??? root:rubyman
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380176 of user rubyman.
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10931]: pam_unix(su:session): session closed for user rubyman
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380176.
May 12 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Failed password for invalid user user from 85.198.17.145 port 42396 ssh2
May 12 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Connection closed by 85.198.17.145 port 42396 [preauth]
May 12 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session closed for user root
May 12 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10873]: pam_unix(cron:session): session closed for user samftp
May 12 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: Failed password for root from 85.198.17.145 port 42404 ssh2
May 12 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: Connection closed by 85.198.17.145 port 42404 [preauth]
May 12 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Invalid user svnuser from 85.198.17.145
May 12 17:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: input_userauth_request: invalid user svnuser [preauth]
May 12 17:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Failed password for invalid user svnuser from 85.198.17.145 port 39162 ssh2
May 12 17:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Connection closed by 85.198.17.145 port 39162 [preauth]
May 12 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Invalid user ftpuser from 85.198.17.145
May 12 17:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: input_userauth_request: invalid user ftpuser [preauth]
May 12 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Failed password for invalid user ftpuser from 85.198.17.145 port 39170 ssh2
May 12 17:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Connection closed by 85.198.17.145 port 39170 [preauth]
May 12 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Invalid user ubuntu from 85.198.17.145
May 12 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: input_userauth_request: invalid user ubuntu [preauth]
May 12 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Failed password for invalid user ubuntu from 85.198.17.145 port 45878 ssh2
May 12 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Connection closed by 85.198.17.145 port 45878 [preauth]
May 12 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Failed password for root from 85.198.17.145 port 45884 ssh2
May 12 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Connection closed by 85.198.17.145 port 45884 [preauth]
May 12 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Invalid user esadmin from 85.198.17.145
May 12 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: input_userauth_request: invalid user esadmin [preauth]
May 12 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Failed password for invalid user esadmin from 85.198.17.145 port 43010 ssh2
May 12 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Connection closed by 85.198.17.145 port 43010 [preauth]
May 12 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session closed for user root
May 12 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Failed password for root from 85.198.17.145 port 43022 ssh2
May 12 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Connection closed by 85.198.17.145 port 43022 [preauth]
May 12 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: Invalid user flask from 85.198.17.145
May 12 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: input_userauth_request: invalid user flask [preauth]
May 12 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: Failed password for invalid user flask from 85.198.17.145 port 54238 ssh2
May 12 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: Connection closed by 85.198.17.145 port 54238 [preauth]
May 12 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Invalid user deploy from 85.198.17.145
May 12 17:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: input_userauth_request: invalid user deploy [preauth]
May 12 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Failed password for invalid user deploy from 85.198.17.145 port 54242 ssh2
May 12 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Connection closed by 85.198.17.145 port 54242 [preauth]
May 12 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for root from 85.198.17.145 port 53114 ssh2
May 12 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 85.198.17.145 port 53114 [preauth]
May 12 17:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Failed password for root from 85.198.17.145 port 53116 ssh2
May 12 17:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Connection closed by 85.198.17.145 port 53116 [preauth]
May 12 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Invalid user oracle from 85.198.17.145
May 12 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: input_userauth_request: invalid user oracle [preauth]
May 12 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Failed password for invalid user oracle from 85.198.17.145 port 33292 ssh2
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Connection closed by 85.198.17.145 port 33292 [preauth]
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11295]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11294]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11296]: pam_unix(cron:session): session closed for user root
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session closed for user p13x
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: Successful su for rubyman by root
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: + ??? root:rubyman
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380184 of user rubyman.
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: pam_unix(su:session): session closed for user rubyman
May 12 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380184.
May 12 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Invalid user rabbitmq from 85.198.17.145
May 12 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: input_userauth_request: invalid user rabbitmq [preauth]
May 12 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11293]: pam_unix(cron:session): session closed for user root
May 12 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
May 12 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Failed password for invalid user rabbitmq from 85.198.17.145 port 33298 ssh2
May 12 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Connection closed by 85.198.17.145 port 33298 [preauth]
May 12 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session closed for user samftp
May 12 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Failed password for root from 85.198.17.145 port 54760 ssh2
May 12 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Connection closed by 85.198.17.145 port 54760 [preauth]
May 12 17:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Failed password for root from 85.198.17.145 port 54772 ssh2
May 12 17:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Connection closed by 85.198.17.145 port 54772 [preauth]
May 12 17:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Failed password for root from 85.198.17.145 port 54778 ssh2
May 12 17:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Connection closed by 85.198.17.145 port 54778 [preauth]
May 12 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Failed password for root from 85.198.17.145 port 50068 ssh2
May 12 17:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Connection closed by 85.198.17.145 port 50068 [preauth]
May 12 17:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Invalid user wang from 85.198.17.145
May 12 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: input_userauth_request: invalid user wang [preauth]
May 12 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Failed password for invalid user wang from 85.198.17.145 port 50078 ssh2
May 12 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Connection closed by 85.198.17.145 port 50078 [preauth]
May 12 17:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Invalid user hadoop from 85.198.17.145
May 12 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: input_userauth_request: invalid user hadoop [preauth]
May 12 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10361]: pam_unix(cron:session): session closed for user root
May 12 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Failed password for invalid user hadoop from 85.198.17.145 port 52878 ssh2
May 12 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Connection closed by 85.198.17.145 port 52878 [preauth]
May 12 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Failed password for root from 85.198.17.145 port 52884 ssh2
May 12 17:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Connection closed by 85.198.17.145 port 52884 [preauth]
May 12 17:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Invalid user elasticsearch from 85.198.17.145
May 12 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for invalid user elasticsearch from 85.198.17.145 port 40254 ssh2
May 12 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Connection closed by 85.198.17.145 port 40254 [preauth]
May 12 17:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: User ftp from 85.198.17.145 not allowed because not listed in AllowUsers
May 12 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: input_userauth_request: invalid user ftp [preauth]
May 12 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=ftp
May 12 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: Failed password for invalid user ftp from 85.198.17.145 port 40270 ssh2
May 12 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: Connection closed by 85.198.17.145 port 40270 [preauth]
May 12 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: Invalid user uftp from 85.198.17.145
May 12 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: input_userauth_request: invalid user uftp [preauth]
May 12 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: Failed password for invalid user uftp from 85.198.17.145 port 58354 ssh2
May 12 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: Connection closed by 85.198.17.145 port 58354 [preauth]
May 12 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Invalid user awsgui from 85.198.17.145
May 12 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: input_userauth_request: invalid user awsgui [preauth]
May 12 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Failed password for invalid user awsgui from 85.198.17.145 port 58370 ssh2
May 12 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Connection closed by 85.198.17.145 port 58370 [preauth]
May 12 17:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Invalid user dolphinscheduler from 85.198.17.145
May 12 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11747]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11745]: pam_unix(cron:session): session closed for user p13x
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: Successful su for rubyman by root
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: + ??? root:rubyman
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380185 of user rubyman.
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session closed for user rubyman
May 12 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380185.
May 12 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Failed password for invalid user dolphinscheduler from 85.198.17.145 port 54494 ssh2
May 12 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Connection closed by 85.198.17.145 port 54494 [preauth]
May 12 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session closed for user root
May 12 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11746]: pam_unix(cron:session): session closed for user samftp
May 12 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for root from 85.198.17.145 port 54498 ssh2
May 12 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 85.198.17.145 port 54498 [preauth]
May 12 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Invalid user yarn from 85.198.17.145
May 12 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: input_userauth_request: invalid user yarn [preauth]
May 12 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Failed password for invalid user yarn from 85.198.17.145 port 53346 ssh2
May 12 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Connection closed by 85.198.17.145 port 53346 [preauth]
May 12 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Invalid user test2 from 85.198.17.145
May 12 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: input_userauth_request: invalid user test2 [preauth]
May 12 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Failed password for invalid user test2 from 85.198.17.145 port 53350 ssh2
May 12 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Connection closed by 85.198.17.145 port 53350 [preauth]
May 12 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Invalid user oracle from 85.198.17.145
May 12 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: input_userauth_request: invalid user oracle [preauth]
May 12 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Failed password for invalid user oracle from 85.198.17.145 port 54498 ssh2
May 12 17:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Connection closed by 85.198.17.145 port 54498 [preauth]
May 12 17:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Invalid user guest from 85.198.17.145
May 12 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: input_userauth_request: invalid user guest [preauth]
May 12 17:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Failed password for invalid user guest from 85.198.17.145 port 54506 ssh2
May 12 17:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Connection closed by 85.198.17.145 port 54506 [preauth]
May 12 17:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Invalid user wang from 85.198.17.145
May 12 17:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: input_userauth_request: invalid user wang [preauth]
May 12 17:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Failed password for invalid user wang from 85.198.17.145 port 59134 ssh2
May 12 17:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Connection closed by 85.198.17.145 port 59134 [preauth]
May 12 17:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Invalid user www from 85.198.17.145
May 12 17:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: input_userauth_request: invalid user www [preauth]
May 12 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session closed for user root
May 12 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Failed password for invalid user www from 85.198.17.145 port 59144 ssh2
May 12 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Connection closed by 85.198.17.145 port 59144 [preauth]
May 12 17:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for root from 85.198.17.145 port 59148 ssh2
May 12 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Connection closed by 85.198.17.145 port 59148 [preauth]
May 12 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Invalid user nexus from 85.198.17.145
May 12 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: input_userauth_request: invalid user nexus [preauth]
May 12 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Failed password for invalid user nexus from 85.198.17.145 port 33502 ssh2
May 12 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Connection closed by 85.198.17.145 port 33502 [preauth]
May 12 17:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Invalid user app from 85.198.17.145
May 12 17:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: input_userauth_request: invalid user app [preauth]
May 12 17:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Failed password for invalid user app from 85.198.17.145 port 33508 ssh2
May 12 17:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Connection closed by 85.198.17.145 port 33508 [preauth]
May 12 17:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Invalid user nvidia from 85.198.17.145
May 12 17:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: input_userauth_request: invalid user nvidia [preauth]
May 12 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Failed password for invalid user nvidia from 85.198.17.145 port 40192 ssh2
May 12 17:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Connection closed by 85.198.17.145 port 40192 [preauth]
May 12 17:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 85.198.17.145 port 40200 ssh2
May 12 17:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Connection closed by 85.198.17.145 port 40200 [preauth]
May 12 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user root
May 12 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user p13x
May 12 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: Successful su for rubyman by root
May 12 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: + ??? root:rubyman
May 12 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380191 of user rubyman.
May 12 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: pam_unix(su:session): session closed for user rubyman
May 12 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380191.
May 12 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Failed password for root from 85.198.17.145 port 37054 ssh2
May 12 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Connection closed by 85.198.17.145 port 37054 [preauth]
May 12 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9402]: pam_unix(cron:session): session closed for user root
May 12 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Invalid user es from 85.198.17.145
May 12 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: input_userauth_request: invalid user es [preauth]
May 12 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session closed for user samftp
May 12 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Failed password for invalid user es from 85.198.17.145 port 37066 ssh2
May 12 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Connection closed by 85.198.17.145 port 37066 [preauth]
May 12 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Invalid user sugi from 85.198.17.145
May 12 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: input_userauth_request: invalid user sugi [preauth]
May 12 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May 12 17:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Failed password for invalid user sugi from 85.198.17.145 port 48066 ssh2
May 12 17:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Connection closed by 85.198.17.145 port 48066 [preauth]
May 12 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11295]: pam_unix(cron:session): session closed for user root
May 12 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session closed for user p13x
May 12 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12642]: Successful su for rubyman by root
May 12 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12642]: + ??? root:rubyman
May 12 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380194 of user rubyman.
May 12 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12642]: pam_unix(su:session): session closed for user rubyman
May 12 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380194.
May 12 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session closed for user root
May 12 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user samftp
May 12 17:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Invalid user support from 91.135.103.7
May 12 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: input_userauth_request: invalid user support [preauth]
May 12 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.135.103.7
May 12 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Failed password for invalid user support from 91.135.103.7 port 48413 ssh2
May 12 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Connection closed by 91.135.103.7 port 48413 [preauth]
May 12 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session closed for user root
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user p13x
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13032]: Successful su for rubyman by root
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13032]: + ??? root:rubyman
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380198 of user rubyman.
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13032]: pam_unix(su:session): session closed for user rubyman
May 12 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380198.
May 12 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session closed for user root
May 12 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session closed for user samftp
May 12 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session closed for user root
May 12 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user root
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session closed for user p13x
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13534]: Successful su for rubyman by root
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13534]: + ??? root:rubyman
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380203 of user rubyman.
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13534]: pam_unix(su:session): session closed for user rubyman
May 12 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380203.
May 12 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Invalid user admin from 80.94.95.112
May 12 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: input_userauth_request: invalid user admin [preauth]
May 12 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10874]: pam_unix(cron:session): session closed for user root
May 12 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user root
May 12 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for invalid user admin from 80.94.95.112 port 64255 ssh2
May 12 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user samftp
May 12 17:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for invalid user admin from 80.94.95.112 port 64255 ssh2
May 12 17:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for invalid user admin from 80.94.95.112 port 64255 ssh2
May 12 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for invalid user admin from 80.94.95.112 port 64255 ssh2
May 12 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for invalid user admin from 80.94.95.112 port 64255 ssh2
May 12 17:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Received disconnect from 80.94.95.112 port 64255:11: Bye [preauth]
May 12 17:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Disconnected from 80.94.95.112 port 64255 [preauth]
May 12 17:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 17:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 17:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Failed password for root from 193.70.84.184 port 45656 ssh2
May 12 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Connection closed by 193.70.84.184 port 45656 [preauth]
May 12 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session closed for user root
May 12 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13915]: pam_unix(cron:session): session closed for user p13x
May 12 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13983]: Successful su for rubyman by root
May 12 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13983]: + ??? root:rubyman
May 12 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380210 of user rubyman.
May 12 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13983]: pam_unix(su:session): session closed for user rubyman
May 12 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380210.
May 12 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11294]: pam_unix(cron:session): session closed for user root
May 12 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13916]: pam_unix(cron:session): session closed for user samftp
May 12 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session closed for user root
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14321]: pam_unix(cron:session): session closed for user p13x
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14384]: Successful su for rubyman by root
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14384]: + ??? root:rubyman
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380212 of user rubyman.
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14384]: pam_unix(su:session): session closed for user rubyman
May 12 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380212.
May 12 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11747]: pam_unix(cron:session): session closed for user root
May 12 17:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14322]: pam_unix(cron:session): session closed for user samftp
May 12 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session closed for user root
May 12 17:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for root from 80.94.95.125 port 40171 ssh2
May 12 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Received disconnect from 80.94.95.125 port 40171:11: Bye [preauth]
May 12 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Disconnected from 80.94.95.125 port 40171 [preauth]
May 12 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14737]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session closed for user p13x
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14796]: Successful su for rubyman by root
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14796]: + ??? root:rubyman
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380217 of user rubyman.
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14796]: pam_unix(su:session): session closed for user rubyman
May 12 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380217.
May 12 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session closed for user root
May 12 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session closed for user samftp
May 12 17:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for root from 164.68.105.9 port 43172 ssh2
May 12 17:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Connection closed by 164.68.105.9 port 43172 [preauth]
May 12 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session closed for user root
May 12 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15146]: pam_unix(cron:session): session closed for user p13x
May 12 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15205]: Successful su for rubyman by root
May 12 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15205]: + ??? root:rubyman
May 12 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380221 of user rubyman.
May 12 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15205]: pam_unix(su:session): session closed for user rubyman
May 12 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380221.
May 12 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user root
May 12 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15147]: pam_unix(cron:session): session closed for user samftp
May 12 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14324]: pam_unix(cron:session): session closed for user root
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15540]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15538]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15539]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15541]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15541]: pam_unix(cron:session): session closed for user root
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session closed for user p13x
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: Successful su for rubyman by root
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: + ??? root:rubyman
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380224 of user rubyman.
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session closed for user rubyman
May 12 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380224.
May 12 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15538]: pam_unix(cron:session): session closed for user root
May 12 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session closed for user root
May 12 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15537]: pam_unix(cron:session): session closed for user samftp
May 12 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14737]: pam_unix(cron:session): session closed for user root
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session closed for user p13x
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: Successful su for rubyman by root
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: + ??? root:rubyman
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380231 of user rubyman.
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: pam_unix(su:session): session closed for user rubyman
May 12 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380231.
May 12 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user root
May 12 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session closed for user samftp
May 12 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session closed for user root
May 12 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session closed for user p13x
May 12 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16403]: Successful su for rubyman by root
May 12 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16403]: + ??? root:rubyman
May 12 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380235 of user rubyman.
May 12 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16403]: pam_unix(su:session): session closed for user rubyman
May 12 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380235.
May 12 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session closed for user root
May 12 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user samftp
May 12 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15540]: pam_unix(cron:session): session closed for user root
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session closed for user p13x
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16857]: Successful su for rubyman by root
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16857]: + ??? root:rubyman
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380239 of user rubyman.
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16857]: pam_unix(su:session): session closed for user rubyman
May 12 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380239.
May 12 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14323]: pam_unix(cron:session): session closed for user root
May 12 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user samftp
May 12 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user root
May 12 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: Failed password for root from 218.92.0.179 port 19591 ssh2
May 12 17:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 19591 ssh2]
May 12 17:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: Received disconnect from 218.92.0.179 port 19591:11:  [preauth]
May 12 17:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: Disconnected from 218.92.0.179 port 19591 [preauth]
May 12 17:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17235]: pam_unix(cron:session): session closed for user p13x
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: Successful su for rubyman by root
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: + ??? root:rubyman
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380242 of user rubyman.
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session closed for user rubyman
May 12 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380242.
May 12 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session closed for user root
May 12 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17236]: pam_unix(cron:session): session closed for user samftp
May 12 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session closed for user root
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17656]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17655]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17656]: pam_unix(cron:session): session closed for user root
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17646]: pam_unix(cron:session): session closed for user p13x
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: Successful su for rubyman by root
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: + ??? root:rubyman
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380248 of user rubyman.
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: pam_unix(su:session): session closed for user rubyman
May 12 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380248.
May 12 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17653]: pam_unix(cron:session): session closed for user root
May 12 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session closed for user root
May 12 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17652]: pam_unix(cron:session): session closed for user samftp
May 12 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session closed for user root
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18202]: pam_unix(cron:session): session closed for user p13x
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18270]: Successful su for rubyman by root
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18270]: + ??? root:rubyman
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380252 of user rubyman.
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18270]: pam_unix(su:session): session closed for user rubyman
May 12 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380252.
May 12 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15539]: pam_unix(cron:session): session closed for user root
May 12 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18203]: pam_unix(cron:session): session closed for user samftp
May 12 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Invalid user accounting from 193.32.162.157
May 12 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: input_userauth_request: invalid user accounting [preauth]
May 12 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Failed password for invalid user accounting from 193.32.162.157 port 53208 ssh2
May 12 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Connection closed by 193.32.162.157 port 53208 [preauth]
May 12 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session closed for user root
May 12 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Invalid user git from 193.32.162.157
May 12 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: input_userauth_request: invalid user git [preauth]
May 12 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 17:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Failed password for invalid user git from 193.32.162.157 port 30710 ssh2
May 12 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Connection closed by 193.32.162.157 port 30710 [preauth]
May 12 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Invalid user account from 193.32.162.157
May 12 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: input_userauth_request: invalid user account [preauth]
May 12 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 17:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Failed password for invalid user account from 193.32.162.157 port 30752 ssh2
May 12 17:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Connection closed by 193.32.162.157 port 30752 [preauth]
May 12 17:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Invalid user git from 193.32.162.157
May 12 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: input_userauth_request: invalid user git [preauth]
May 12 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Failed password for invalid user git from 193.32.162.157 port 26102 ssh2
May 12 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Connection closed by 193.32.162.157 port 26102 [preauth]
May 12 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18625]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18626]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18623]: pam_unix(cron:session): session closed for user p13x
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18690]: Successful su for rubyman by root
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18690]: + ??? root:rubyman
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380257 of user rubyman.
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18690]: pam_unix(su:session): session closed for user rubyman
May 12 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380257.
May 12 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user root
May 12 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18624]: pam_unix(cron:session): session closed for user samftp
May 12 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Invalid user abraham from 193.32.162.157
May 12 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: input_userauth_request: invalid user abraham [preauth]
May 12 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 17:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Failed password for invalid user abraham from 193.32.162.157 port 55528 ssh2
May 12 17:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Connection closed by 193.32.162.157 port 55528 [preauth]
May 12 17:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17655]: pam_unix(cron:session): session closed for user root
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session closed for user p13x
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19106]: Successful su for rubyman by root
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19106]: + ??? root:rubyman
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380260 of user rubyman.
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19106]: pam_unix(su:session): session closed for user rubyman
May 12 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380260.
May 12 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session closed for user root
May 12 17:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session closed for user samftp
May 12 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session closed for user root
May 12 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: Failed password for root from 218.92.0.179 port 20471 ssh2
May 12 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20471 ssh2]
May 12 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: Received disconnect from 218.92.0.179 port 20471:11:  [preauth]
May 12 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: Disconnected from 218.92.0.179 port 20471 [preauth]
May 12 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session closed for user p13x
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19516]: Successful su for rubyman by root
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19516]: + ??? root:rubyman
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380266 of user rubyman.
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19516]: pam_unix(su:session): session closed for user rubyman
May 12 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380266.
May 12 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user root
May 12 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19451]: pam_unix(cron:session): session closed for user samftp
May 12 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18626]: pam_unix(cron:session): session closed for user root
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19871]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user root
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session closed for user p13x
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: Successful su for rubyman by root
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: + ??? root:rubyman
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380272 of user rubyman.
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: pam_unix(su:session): session closed for user rubyman
May 12 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380272.
May 12 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session closed for user root
May 12 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19871]: pam_unix(cron:session): session closed for user root
May 12 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19870]: pam_unix(cron:session): session closed for user samftp
May 12 17:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Failed password for root from 218.92.0.179 port 37771 ssh2
May 12 17:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37771 ssh2]
May 12 17:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Received disconnect from 218.92.0.179 port 37771:11:  [preauth]
May 12 17:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Disconnected from 218.92.0.179 port 37771 [preauth]
May 12 17:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session closed for user root
May 12 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: Invalid user ubnt from 80.94.95.125
May 12 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: input_userauth_request: invalid user ubnt [preauth]
May 12 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 17:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: Failed password for invalid user ubnt from 80.94.95.125 port 28058 ssh2
May 12 17:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: Received disconnect from 80.94.95.125 port 28058:11: Bye [preauth]
May 12 17:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: Disconnected from 80.94.95.125 port 28058 [preauth]
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20309]: pam_unix(cron:session): session closed for user p13x
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20377]: Successful su for rubyman by root
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20377]: + ??? root:rubyman
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380274 of user rubyman.
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20377]: pam_unix(su:session): session closed for user rubyman
May 12 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380274.
May 12 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17654]: pam_unix(cron:session): session closed for user root
May 12 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20310]: pam_unix(cron:session): session closed for user samftp
May 12 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session closed for user root
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session closed for user p13x
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20795]: Successful su for rubyman by root
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20795]: + ??? root:rubyman
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380279 of user rubyman.
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20795]: pam_unix(su:session): session closed for user rubyman
May 12 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380279.
May 12 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session closed for user root
May 12 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session closed for user samftp
May 12 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Invalid user admin from 45.6.188.43
May 12 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: input_userauth_request: invalid user admin [preauth]
May 12 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Failed password for invalid user admin from 45.6.188.43 port 47264 ssh2
May 12 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Connection closed by 45.6.188.43 port 47264 [preauth]
May 12 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user root
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user p13x
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21224]: Successful su for rubyman by root
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21224]: + ??? root:rubyman
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380284 of user rubyman.
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21224]: pam_unix(su:session): session closed for user rubyman
May 12 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380284.
May 12 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18625]: pam_unix(cron:session): session closed for user root
May 12 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session closed for user samftp
May 12 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20312]: pam_unix(cron:session): session closed for user root
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21596]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session closed for user p13x
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21745]: Successful su for rubyman by root
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21745]: + ??? root:rubyman
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380287 of user rubyman.
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21745]: pam_unix(su:session): session closed for user rubyman
May 12 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380287.
May 12 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session closed for user root
May 12 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session closed for user root
May 12 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21594]: pam_unix(cron:session): session closed for user samftp
May 12 17:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: Did not receive identification string from 80.64.18.84
May 12 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session closed for user root
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session closed for user root
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session closed for user p13x
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22539]: Successful su for rubyman by root
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22539]: + ??? root:rubyman
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380295 of user rubyman.
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22539]: pam_unix(su:session): session closed for user rubyman
May 12 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380295.
May 12 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session closed for user root
May 12 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session closed for user root
May 12 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session closed for user samftp
May 12 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user root
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22983]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22985]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22980]: pam_unix(cron:session): session closed for user p13x
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23051]: Successful su for rubyman by root
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23051]: + ??? root:rubyman
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380297 of user rubyman.
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23051]: pam_unix(su:session): session closed for user rubyman
May 12 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380297.
May 12 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session closed for user root
May 12 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22982]: pam_unix(cron:session): session closed for user samftp
May 12 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21596]: pam_unix(cron:session): session closed for user root
May 12 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23489]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23487]: pam_unix(cron:session): session closed for user p13x
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23548]: Successful su for rubyman by root
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23548]: + ??? root:rubyman
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380302 of user rubyman.
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23548]: pam_unix(su:session): session closed for user rubyman
May 12 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380302.
May 12 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20311]: pam_unix(cron:session): session closed for user root
May 12 17:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session closed for user samftp
May 12 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session closed for user root
May 12 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24013]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24010]: pam_unix(cron:session): session closed for user p13x
May 12 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: Successful su for rubyman by root
May 12 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: + ??? root:rubyman
May 12 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380305 of user rubyman.
May 12 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: pam_unix(su:session): session closed for user rubyman
May 12 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380305.
May 12 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session closed for user root
May 12 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24011]: pam_unix(cron:session): session closed for user samftp
May 12 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22985]: pam_unix(cron:session): session closed for user root
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24438]: pam_unix(cron:session): session closed for user p13x
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24500]: Successful su for rubyman by root
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24500]: + ??? root:rubyman
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380309 of user rubyman.
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24500]: pam_unix(su:session): session closed for user rubyman
May 12 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380309.
May 12 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user root
May 12 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session closed for user samftp
May 12 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session closed for user root
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session closed for user root
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24858]: pam_unix(cron:session): session closed for user p13x
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: Successful su for rubyman by root
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: + ??? root:rubyman
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380316 of user rubyman.
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: pam_unix(su:session): session closed for user rubyman
May 12 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380316.
May 12 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session closed for user root
May 12 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21595]: pam_unix(cron:session): session closed for user root
May 12 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session closed for user samftp
May 12 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for root from 50.235.31.47 port 47558 ssh2
May 12 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Connection closed by 50.235.31.47 port 47558 [preauth]
May 12 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24013]: pam_unix(cron:session): session closed for user root
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25313]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session closed for user p13x
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: Successful su for rubyman by root
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: + ??? root:rubyman
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380320 of user rubyman.
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: pam_unix(su:session): session closed for user rubyman
May 12 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380320.
May 12 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session closed for user root
May 12 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25312]: pam_unix(cron:session): session closed for user samftp
May 12 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session closed for user root
May 12 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Invalid user front from 190.103.202.7
May 12 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: input_userauth_request: invalid user front [preauth]
May 12 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Failed password for invalid user front from 190.103.202.7 port 35074 ssh2
May 12 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Connection closed by 190.103.202.7 port 35074 [preauth]
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25780]: pam_unix(cron:session): session closed for user p13x
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25862]: Successful su for rubyman by root
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25862]: + ??? root:rubyman
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380323 of user rubyman.
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25862]: pam_unix(su:session): session closed for user rubyman
May 12 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380323.
May 12 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22983]: pam_unix(cron:session): session closed for user root
May 12 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25781]: pam_unix(cron:session): session closed for user samftp
May 12 17:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: Failed password for root from 218.92.0.179 port 30866 ssh2
May 12 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 30866 ssh2]
May 12 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: Received disconnect from 218.92.0.179 port 30866:11:  [preauth]
May 12 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: Disconnected from 218.92.0.179 port 30866 [preauth]
May 12 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26097]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session closed for user root
May 12 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Failed password for root from 218.92.0.210 port 5928 ssh2
May 12 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Failed password for root from 218.92.0.210 port 5928 ssh2
May 12 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: Connection closed by 121.74.213.40 port 53931 [preauth]
May 12 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Failed password for root from 218.92.0.210 port 5928 ssh2
May 12 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 5928 ssh2]
May 12 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 5928 ssh2 [preauth]
May 12 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Disconnecting: Too many authentication failures [preauth]
May 12 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for root from 218.92.0.210 port 1098 ssh2
May 12 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 1098 ssh2]
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user p13x
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26284]: Successful su for rubyman by root
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26284]: + ??? root:rubyman
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380328 of user rubyman.
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26284]: pam_unix(su:session): session closed for user rubyman
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380328.
May 12 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for root from 218.92.0.210 port 1098 ssh2
May 12 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for root from 218.92.0.210 port 1098 ssh2
May 12 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23489]: pam_unix(cron:session): session closed for user root
May 12 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session closed for user samftp
May 12 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for root from 218.92.0.210 port 1098 ssh2
May 12 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 1098 ssh2 [preauth]
May 12 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Disconnecting: Too many authentication failures [preauth]
May 12 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Failed password for root from 218.92.0.210 port 31980 ssh2
May 12 17:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Received disconnect from 218.92.0.210 port 31980:11:  [preauth]
May 12 17:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Disconnected from 218.92.0.210 port 31980 [preauth]
May 12 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Invalid user admin from 80.94.95.125
May 12 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: input_userauth_request: invalid user admin [preauth]
May 12 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Failed password for invalid user admin from 80.94.95.125 port 62200 ssh2
May 12 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Received disconnect from 80.94.95.125 port 62200:11: Bye [preauth]
May 12 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Disconnected from 80.94.95.125 port 62200 [preauth]
May 12 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25314]: pam_unix(cron:session): session closed for user root
May 12 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26729]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session closed for user p13x
May 12 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26807]: Successful su for rubyman by root
May 12 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26807]: + ??? root:rubyman
May 12 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380331 of user rubyman.
May 12 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26807]: pam_unix(su:session): session closed for user rubyman
May 12 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380331.
May 12 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session closed for user root
May 12 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26727]: pam_unix(cron:session): session closed for user samftp
May 12 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Invalid user lab from 83.235.16.111
May 12 17:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: input_userauth_request: invalid user lab [preauth]
May 12 17:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user lab from 83.235.16.111 port 46190 ssh2
May 12 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Received disconnect from 83.235.16.111 port 46190:11: Bye Bye [preauth]
May 12 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Disconnected from 83.235.16.111 port 46190 [preauth]
May 12 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Connection closed by 130.195.4.218 port 52952 [preauth]
May 12 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: Invalid user linkdood from 218.60.8.248
May 12 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: input_userauth_request: invalid user linkdood [preauth]
May 12 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.60.8.248
May 12 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: Failed password for invalid user linkdood from 218.60.8.248 port 42574 ssh2
May 12 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: Received disconnect from 218.60.8.248 port 42574:11: Bye Bye [preauth]
May 12 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27123]: Disconnected from 218.60.8.248 port 42574 [preauth]
May 12 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25783]: pam_unix(cron:session): session closed for user root
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27260]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27258]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27260]: pam_unix(cron:session): session closed for user root
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27254]: pam_unix(cron:session): session closed for user p13x
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27348]: Successful su for rubyman by root
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27348]: + ??? root:rubyman
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380338 of user rubyman.
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27348]: pam_unix(su:session): session closed for user rubyman
May 12 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380338.
May 12 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27257]: pam_unix(cron:session): session closed for user root
May 12 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session closed for user root
May 12 17:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27255]: pam_unix(cron:session): session closed for user samftp
May 12 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session closed for user root
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27796]: pam_unix(cron:session): session closed for user p13x
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27886]: Successful su for rubyman by root
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27886]: + ??? root:rubyman
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380341 of user rubyman.
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27886]: pam_unix(su:session): session closed for user rubyman
May 12 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380341.
May 12 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session closed for user root
May 12 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27797]: pam_unix(cron:session): session closed for user samftp
May 12 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26729]: pam_unix(cron:session): session closed for user root
May 12 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Invalid user landi from 83.235.16.111
May 12 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: input_userauth_request: invalid user landi [preauth]
May 12 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28234]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28235]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session closed for user p13x
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28292]: Successful su for rubyman by root
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28292]: + ??? root:rubyman
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380345 of user rubyman.
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28292]: pam_unix(su:session): session closed for user rubyman
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380345.
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Failed password for invalid user landi from 83.235.16.111 port 37358 ssh2
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Received disconnect from 83.235.16.111 port 37358:11: Bye Bye [preauth]
May 12 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Disconnected from 83.235.16.111 port 37358 [preauth]
May 12 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25313]: pam_unix(cron:session): session closed for user root
May 12 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session closed for user samftp
May 12 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27259]: pam_unix(cron:session): session closed for user root
May 12 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Invalid user admin from 80.94.95.112
May 12 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: input_userauth_request: invalid user admin [preauth]
May 12 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 17:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Failed password for invalid user admin from 80.94.95.112 port 54441 ssh2
May 12 17:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Failed password for invalid user admin from 80.94.95.112 port 54441 ssh2
May 12 17:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Failed password for invalid user admin from 80.94.95.112 port 54441 ssh2
May 12 17:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Failed password for invalid user admin from 80.94.95.112 port 54441 ssh2
May 12 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Failed password for invalid user admin from 80.94.95.112 port 54441 ssh2
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Received disconnect from 80.94.95.112 port 54441:11: Bye [preauth]
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: Disconnected from 80.94.95.112 port 54441 [preauth]
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28617]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Invalid user df from 121.74.213.40
May 12 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: input_userauth_request: invalid user df [preauth]
May 12 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28649]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session closed for user p13x
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28708]: Successful su for rubyman by root
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28708]: + ??? root:rubyman
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380349 of user rubyman.
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28708]: pam_unix(su:session): session closed for user rubyman
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380349.
May 12 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Failed password for invalid user df from 121.74.213.40 port 54209 ssh2
May 12 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25782]: pam_unix(cron:session): session closed for user root
May 12 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28647]: pam_unix(cron:session): session closed for user samftp
May 12 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Connection closed by 121.74.213.40 port 54209 [preauth]
May 12 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session closed for user root
May 12 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Invalid user dong from 83.235.16.111
May 12 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: input_userauth_request: invalid user dong [preauth]
May 12 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 17:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Failed password for invalid user dong from 83.235.16.111 port 44602 ssh2
May 12 17:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Received disconnect from 83.235.16.111 port 44602:11: Bye Bye [preauth]
May 12 17:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28987]: Disconnected from 83.235.16.111 port 44602 [preauth]
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29145]: pam_unix(cron:session): session closed for user p13x
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: Successful su for rubyman by root
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: + ??? root:rubyman
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380356 of user rubyman.
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: pam_unix(su:session): session closed for user rubyman
May 12 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380356.
May 12 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session closed for user root
May 12 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29146]: pam_unix(cron:session): session closed for user samftp
May 12 17:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Invalid user test from 51.79.167.0
May 12 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: input_userauth_request: invalid user test [preauth]
May 12 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Failed password for invalid user test from 51.79.167.0 port 50520 ssh2
May 12 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Received disconnect from 51.79.167.0 port 50520:11: Bye Bye [preauth]
May 12 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Disconnected from 51.79.167.0 port 50520 [preauth]
May 12 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28235]: pam_unix(cron:session): session closed for user root
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session closed for user root
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session closed for user p13x
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: Successful su for rubyman by root
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: + ??? root:rubyman
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380359 of user rubyman.
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: pam_unix(su:session): session closed for user rubyman
May 12 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380359.
May 12 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session closed for user root
May 12 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session closed for user root
May 12 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29562]: pam_unix(cron:session): session closed for user samftp
May 12 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Invalid user deploy from 83.235.16.111
May 12 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: input_userauth_request: invalid user deploy [preauth]
May 12 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Failed password for invalid user deploy from 83.235.16.111 port 51850 ssh2
May 12 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Failed password for root from 218.92.0.179 port 50164 ssh2
May 12 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Received disconnect from 83.235.16.111 port 51850:11: Bye Bye [preauth]
May 12 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Disconnected from 83.235.16.111 port 51850 [preauth]
May 12 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Failed password for root from 218.92.0.179 port 50164 ssh2
May 12 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Failed password for root from 218.92.0.179 port 50164 ssh2
May 12 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Received disconnect from 218.92.0.179 port 50164:11:  [preauth]
May 12 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Disconnected from 218.92.0.179 port 50164 [preauth]
May 12 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28649]: pam_unix(cron:session): session closed for user root
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session closed for user p13x
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30074]: Successful su for rubyman by root
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30074]: + ??? root:rubyman
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380364 of user rubyman.
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30074]: pam_unix(su:session): session closed for user rubyman
May 12 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380364.
May 12 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27258]: pam_unix(cron:session): session closed for user root
May 12 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session closed for user samftp
May 12 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session closed for user root
May 12 17:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Failed password for root from 83.235.16.111 port 59102 ssh2
May 12 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Received disconnect from 83.235.16.111 port 59102:11: Bye Bye [preauth]
May 12 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Disconnected from 83.235.16.111 port 59102 [preauth]
May 12 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session closed for user p13x
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30479]: Successful su for rubyman by root
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30479]: + ??? root:rubyman
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380369 of user rubyman.
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30479]: pam_unix(su:session): session closed for user rubyman
May 12 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380369.
May 12 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27800]: pam_unix(cron:session): session closed for user root
May 12 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session closed for user samftp
May 12 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session closed for user root
May 12 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Invalid user sylwia from 50.235.31.47
May 12 17:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: input_userauth_request: invalid user sylwia [preauth]
May 12 17:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 17:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Failed password for invalid user sylwia from 50.235.31.47 port 48942 ssh2
May 12 17:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Connection closed by 50.235.31.47 port 48942 [preauth]
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30807]: pam_unix(cron:session): session closed for user p13x
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30869]: Successful su for rubyman by root
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30869]: + ??? root:rubyman
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380371 of user rubyman.
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30869]: pam_unix(su:session): session closed for user rubyman
May 12 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380371.
May 12 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28234]: pam_unix(cron:session): session closed for user root
May 12 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30808]: pam_unix(cron:session): session closed for user samftp
May 12 17:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 17:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Failed password for root from 83.235.16.111 port 38116 ssh2
May 12 17:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Received disconnect from 83.235.16.111 port 38116:11: Bye Bye [preauth]
May 12 17:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Disconnected from 83.235.16.111 port 38116 [preauth]
May 12 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user root
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session closed for user p13x
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: Successful su for rubyman by root
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: + ??? root:rubyman
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380376 of user rubyman.
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: pam_unix(su:session): session closed for user rubyman
May 12 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380376.
May 12 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28648]: pam_unix(cron:session): session closed for user root
May 12 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session closed for user samftp
May 12 17:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Failed password for root from 218.92.0.179 port 28118 ssh2
May 12 17:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 28118 ssh2]
May 12 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Received disconnect from 218.92.0.179 port 28118:11:  [preauth]
May 12 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Disconnected from 218.92.0.179 port 28118 [preauth]
May 12 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 17:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session closed for user root
May 12 17:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Invalid user debian from 83.235.16.111
May 12 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: input_userauth_request: invalid user debian [preauth]
May 12 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
May 12 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 17:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user debian from 83.235.16.111 port 45360 ssh2
May 12 17:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Received disconnect from 83.235.16.111 port 45360:11: Bye Bye [preauth]
May 12 17:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Disconnected from 83.235.16.111 port 45360 [preauth]
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31746]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session closed for user root
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31746]: pam_unix(cron:session): session closed for user root
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session closed for user p13x
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31839]: Successful su for rubyman by root
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31839]: + ??? root:rubyman
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380379 of user rubyman.
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31839]: pam_unix(su:session): session closed for user rubyman
May 12 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380379.
May 12 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29147]: pam_unix(cron:session): session closed for user root
May 12 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session closed for user root
May 12 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session closed for user samftp
May 12 18:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session closed for user root
May 12 18:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Invalid user ftptest from 185.93.89.118
May 12 18:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: input_userauth_request: invalid user ftptest [preauth]
May 12 18:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 18:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Failed password for invalid user ftptest from 185.93.89.118 port 42368 ssh2
May 12 18:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Connection closed by 185.93.89.118 port 42368 [preauth]
May 12 18:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Invalid user ftptemp from 185.93.89.118
May 12 18:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: input_userauth_request: invalid user ftptemp [preauth]
May 12 18:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32566]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32564]: pam_unix(cron:session): session closed for user p13x
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32735]: Successful su for rubyman by root
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32735]: + ??? root:rubyman
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380387 of user rubyman.
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32735]: pam_unix(su:session): session closed for user rubyman
May 12 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380387.
May 12 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Failed password for invalid user ftptemp from 185.93.89.118 port 48276 ssh2
May 12 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session closed for user root
May 12 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Connection closed by 185.93.89.118 port 48276 [preauth]
May 12 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session closed for user samftp
May 12 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Invalid user ftpguest from 185.93.89.118
May 12 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: input_userauth_request: invalid user ftpguest [preauth]
May 12 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Failed password for invalid user ftpguest from 185.93.89.118 port 17880 ssh2
May 12 18:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Invalid user admin from 80.94.95.125
May 12 18:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: input_userauth_request: invalid user admin [preauth]
May 12 18:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Invalid user afds from 121.74.213.40
May 12 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: input_userauth_request: invalid user afds [preauth]
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Connection closed by 185.93.89.118 port 17880 [preauth]
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Failed password for invalid user admin from 80.94.95.125 port 44834 ssh2
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Received disconnect from 80.94.95.125 port 44834:11: Bye [preauth]
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Disconnected from 80.94.95.125 port 44834 [preauth]
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.74.213.40
May 12 18:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Failed password for invalid user afds from 121.74.213.40 port 52396 ssh2
May 12 18:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for root from 83.235.16.111 port 52608 ssh2
May 12 18:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Received disconnect from 83.235.16.111 port 52608:11: Bye Bye [preauth]
May 12 18:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Disconnected from 83.235.16.111 port 52608 [preauth]
May 12 18:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Connection closed by 121.74.213.40 port 52396 [preauth]
May 12 18:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user root
May 12 18:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Invalid user ftpadmin from 185.93.89.118
May 12 18:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: input_userauth_request: invalid user ftpadmin [preauth]
May 12 18:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Failed password for invalid user ftpadmin from 185.93.89.118 port 34752 ssh2
May 12 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Connection closed by 185.93.89.118 port 34752 [preauth]
May 12 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Invalid user ftptest from 185.93.89.118
May 12 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: input_userauth_request: invalid user ftptest [preauth]
May 12 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May 12 18:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Failed password for invalid user ftptest from 185.93.89.118 port 27994 ssh2
May 12 18:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Connection closed by 185.93.89.118 port 27994 [preauth]
May 12 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[729]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[727]: pam_unix(cron:session): session closed for user p13x
May 12 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[800]: Successful su for rubyman by root
May 12 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[800]: + ??? root:rubyman
May 12 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380391 of user rubyman.
May 12 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[800]: pam_unix(su:session): session closed for user rubyman
May 12 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380391.
May 12 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session closed for user root
May 12 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[728]: pam_unix(cron:session): session closed for user samftp
May 12 18:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 18:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Failed password for root from 218.92.0.210 port 22426 ssh2
May 12 18:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 22426 ssh2]
May 12 18:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 22426 ssh2 [preauth]
May 12 18:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Disconnecting: Too many authentication failures [preauth]
May 12 18:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 18:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 18:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session closed for user root
May 12 18:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Failed password for root from 218.92.0.210 port 44732 ssh2
May 12 18:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 44732 ssh2]
May 12 18:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Invalid user nexus from 51.79.167.0
May 12 18:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: input_userauth_request: invalid user nexus [preauth]
May 12 18:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Failed password for root from 218.92.0.210 port 44732 ssh2
May 12 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 44732 ssh2 [preauth]
May 12 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Disconnecting: Too many authentication failures [preauth]
May 12 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Failed password for invalid user nexus from 51.79.167.0 port 47086 ssh2
May 12 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Received disconnect from 51.79.167.0 port 47086:11: Bye Bye [preauth]
May 12 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Disconnected from 51.79.167.0 port 47086 [preauth]
May 12 18:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 12 18:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: Failed password for root from 218.92.0.210 port 41982 ssh2
May 12 18:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: Received disconnect from 218.92.0.210 port 41982:11:  [preauth]
May 12 18:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: Disconnected from 218.92.0.210 port 41982 [preauth]
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1219]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1215]: pam_unix(cron:session): session closed for user p13x
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1297]: Successful su for rubyman by root
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1297]: + ??? root:rubyman
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380395 of user rubyman.
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1297]: pam_unix(su:session): session closed for user rubyman
May 12 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380395.
May 12 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: Invalid user linkdood from 83.235.16.111
May 12 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: input_userauth_request: invalid user linkdood [preauth]
May 12 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session closed for user root
May 12 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: Failed password for invalid user linkdood from 83.235.16.111 port 59852 ssh2
May 12 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: Received disconnect from 83.235.16.111 port 59852:11: Bye Bye [preauth]
May 12 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: Disconnected from 83.235.16.111 port 59852 [preauth]
May 12 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session closed for user samftp
May 12 18:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: Invalid user abc123 from 130.195.4.218
May 12 18:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: input_userauth_request: invalid user abc123 [preauth]
May 12 18:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.4.218
May 12 18:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: Failed password for invalid user abc123 from 130.195.4.218 port 35270 ssh2
May 12 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session closed for user root
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1702]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1694]: pam_unix(cron:session): session closed for user p13x
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1775]: Successful su for rubyman by root
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1775]: + ??? root:rubyman
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380398 of user rubyman.
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1775]: pam_unix(su:session): session closed for user rubyman
May 12 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380398.
May 12 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session closed for user root
May 12 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1696]: pam_unix(cron:session): session closed for user samftp
May 12 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session closed for user root
May 12 18:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 18:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2161]: Failed password for root from 83.235.16.111 port 38872 ssh2
May 12 18:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2161]: Received disconnect from 83.235.16.111 port 38872:11: Bye Bye [preauth]
May 12 18:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2161]: Disconnected from 83.235.16.111 port 38872 [preauth]
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session closed for user root
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session closed for user p13x
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2282]: Successful su for rubyman by root
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2282]: + ??? root:rubyman
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380402 of user rubyman.
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2282]: pam_unix(su:session): session closed for user rubyman
May 12 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380402.
May 12 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session closed for user root
May 12 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session closed for user root
May 12 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session closed for user samftp
May 12 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session closed for user root
May 12 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2701]: pam_unix(cron:session): session closed for user p13x
May 12 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2770]: Successful su for rubyman by root
May 12 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2770]: + ??? root:rubyman
May 12 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380410 of user rubyman.
May 12 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2770]: pam_unix(su:session): session closed for user rubyman
May 12 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380410.
May 12 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session closed for user root
May 12 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session closed for user samftp
May 12 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 18:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Failed password for root from 83.235.16.111 port 46120 ssh2
May 12 18:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Received disconnect from 83.235.16.111 port 46120:11: Bye Bye [preauth]
May 12 18:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Disconnected from 83.235.16.111 port 46120 [preauth]
May 12 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1703]: pam_unix(cron:session): session closed for user root
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3124]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3122]: pam_unix(cron:session): session closed for user p13x
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3186]: Successful su for rubyman by root
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3186]: + ??? root:rubyman
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380413 of user rubyman.
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3186]: pam_unix(su:session): session closed for user rubyman
May 12 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380413.
May 12 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32566]: pam_unix(cron:session): session closed for user root
May 12 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3123]: pam_unix(cron:session): session closed for user samftp
May 12 18:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: Failed password for root from 218.92.0.179 port 31661 ssh2
May 12 18:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31661 ssh2]
May 12 18:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: Received disconnect from 218.92.0.179 port 31661:11:  [preauth]
May 12 18:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: Disconnected from 218.92.0.179 port 31661 [preauth]
May 12 18:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user root
May 12 18:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 18:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Failed password for root from 83.235.16.111 port 53370 ssh2
May 12 18:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Received disconnect from 83.235.16.111 port 53370:11: Bye Bye [preauth]
May 12 18:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Disconnected from 83.235.16.111 port 53370 [preauth]
May 12 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3592]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session closed for user p13x
May 12 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3651]: Successful su for rubyman by root
May 12 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3651]: + ??? root:rubyman
May 12 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380416 of user rubyman.
May 12 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3651]: pam_unix(su:session): session closed for user rubyman
May 12 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380416.
May 12 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[729]: pam_unix(cron:session): session closed for user root
May 12 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session closed for user samftp
May 12 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Invalid user dong from 51.79.167.0
May 12 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: input_userauth_request: invalid user dong [preauth]
May 12 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Failed password for invalid user dong from 51.79.167.0 port 59304 ssh2
May 12 18:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Received disconnect from 51.79.167.0 port 59304:11: Bye Bye [preauth]
May 12 18:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Disconnected from 51.79.167.0 port 59304 [preauth]
May 12 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session closed for user root
May 12 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session closed for user p13x
May 12 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4156]: Successful su for rubyman by root
May 12 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4156]: + ??? root:rubyman
May 12 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380422 of user rubyman.
May 12 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4156]: pam_unix(su:session): session closed for user rubyman
May 12 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380422.
May 12 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session closed for user root
May 12 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1219]: pam_unix(cron:session): session closed for user root
May 12 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session closed for user samftp
May 12 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3125]: pam_unix(cron:session): session closed for user root
May 12 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Invalid user oussama from 83.235.16.111
May 12 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: input_userauth_request: invalid user oussama [preauth]
May 12 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Failed password for invalid user oussama from 83.235.16.111 port 60612 ssh2
May 12 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Received disconnect from 83.235.16.111 port 60612:11: Bye Bye [preauth]
May 12 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Disconnected from 83.235.16.111 port 60612 [preauth]
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session closed for user root
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4695]: pam_unix(cron:session): session closed for user p13x
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4765]: Successful su for rubyman by root
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4765]: + ??? root:rubyman
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380426 of user rubyman.
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4765]: pam_unix(su:session): session closed for user rubyman
May 12 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380426.
May 12 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session closed for user root
May 12 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1702]: pam_unix(cron:session): session closed for user root
May 12 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session closed for user samftp
May 12 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session closed for user root
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5340]: pam_unix(cron:session): session closed for user p13x
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: Successful su for rubyman by root
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: + ??? root:rubyman
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380432 of user rubyman.
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: pam_unix(su:session): session closed for user rubyman
May 12 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380432.
May 12 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user root
May 12 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5341]: pam_unix(cron:session): session closed for user samftp
May 12 18:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Failed password for root from 83.235.16.111 port 39630 ssh2
May 12 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Received disconnect from 83.235.16.111 port 39630:11: Bye Bye [preauth]
May 12 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Disconnected from 83.235.16.111 port 39630 [preauth]
May 12 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session closed for user root
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5896]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5894]: pam_unix(cron:session): session closed for user p13x
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5957]: Successful su for rubyman by root
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5957]: + ??? root:rubyman
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380435 of user rubyman.
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5957]: pam_unix(su:session): session closed for user rubyman
May 12 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380435.
May 12 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session closed for user root
May 12 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5895]: pam_unix(cron:session): session closed for user samftp
May 12 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session closed for user root
May 12 18:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Invalid user webapps from 83.235.16.111
May 12 18:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: input_userauth_request: invalid user webapps [preauth]
May 12 18:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Failed password for invalid user webapps from 83.235.16.111 port 46876 ssh2
May 12 18:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Received disconnect from 83.235.16.111 port 46876:11: Bye Bye [preauth]
May 12 18:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Disconnected from 83.235.16.111 port 46876 [preauth]
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6320]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session closed for user p13x
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6376]: Successful su for rubyman by root
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6376]: + ??? root:rubyman
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380439 of user rubyman.
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6376]: pam_unix(su:session): session closed for user rubyman
May 12 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380439.
May 12 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3124]: pam_unix(cron:session): session closed for user root
May 12 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session closed for user samftp
May 12 18:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 18:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Failed password for root from 51.79.167.0 port 42880 ssh2
May 12 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Received disconnect from 51.79.167.0 port 42880:11: Bye Bye [preauth]
May 12 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Disconnected from 51.79.167.0 port 42880 [preauth]
May 12 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session closed for user root
May 12 18:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6731]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6732]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6729]: pam_unix(cron:session): session closed for user p13x
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6794]: Successful su for rubyman by root
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6794]: + ??? root:rubyman
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380444 of user rubyman.
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6794]: pam_unix(su:session): session closed for user rubyman
May 12 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380444.
May 12 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Failed password for root from 218.92.0.179 port 11888 ssh2
May 12 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3592]: pam_unix(cron:session): session closed for user root
May 12 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Failed password for root from 218.92.0.179 port 11888 ssh2
May 12 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6730]: pam_unix(cron:session): session closed for user samftp
May 12 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Failed password for root from 218.92.0.179 port 11888 ssh2
May 12 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Received disconnect from 218.92.0.179 port 11888:11:  [preauth]
May 12 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Disconnected from 218.92.0.179 port 11888 [preauth]
May 12 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May 12 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7088]: Failed password for root from 83.235.16.111 port 54128 ssh2
May 12 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7088]: Received disconnect from 83.235.16.111 port 54128:11: Bye Bye [preauth]
May 12 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7088]: Disconnected from 83.235.16.111 port 54128 [preauth]
May 12 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Invalid user maria from 80.94.95.125
May 12 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: input_userauth_request: invalid user maria [preauth]
May 12 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 18:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user maria from 80.94.95.125 port 44806 ssh2
May 12 18:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Received disconnect from 80.94.95.125 port 44806:11: Bye [preauth]
May 12 18:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Disconnected from 80.94.95.125 port 44806 [preauth]
May 12 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5897]: pam_unix(cron:session): session closed for user root
May 12 18:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Invalid user appuser from 190.103.202.7
May 12 18:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: input_userauth_request: invalid user appuser [preauth]
May 12 18:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 18:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Failed password for invalid user appuser from 190.103.202.7 port 56918 ssh2
May 12 18:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Connection closed by 190.103.202.7 port 56918 [preauth]
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7260]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7261]: pam_unix(cron:session): session closed for user root
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7255]: pam_unix(cron:session): session closed for user p13x
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: Successful su for rubyman by root
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: + ??? root:rubyman
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380448 of user rubyman.
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: pam_unix(su:session): session closed for user rubyman
May 12 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380448.
May 12 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7257]: pam_unix(cron:session): session closed for user root
May 12 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session closed for user root
May 12 18:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7256]: pam_unix(cron:session): session closed for user samftp
May 12 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Invalid user panorama from 103.112.131.70
May 12 18:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: input_userauth_request: invalid user panorama [preauth]
May 12 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 18:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Failed password for invalid user panorama from 103.112.131.70 port 48108 ssh2
May 12 18:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Received disconnect from 103.112.131.70 port 48108:11: Bye Bye [preauth]
May 12 18:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Disconnected from 103.112.131.70 port 48108 [preauth]
May 12 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6320]: pam_unix(cron:session): session closed for user root
May 12 18:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: Invalid user squid from 83.235.16.111
May 12 18:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: input_userauth_request: invalid user squid [preauth]
May 12 18:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: Failed password for invalid user squid from 83.235.16.111 port 33142 ssh2
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: Received disconnect from 83.235.16.111 port 33142:11: Bye Bye [preauth]
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: Disconnected from 83.235.16.111 port 33142 [preauth]
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Invalid user zyx from 193.32.162.157
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: input_userauth_request: invalid user zyx [preauth]
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Failed password for invalid user zyx from 193.32.162.157 port 27540 ssh2
May 12 18:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Connection closed by 193.32.162.157 port 27540 [preauth]
May 12 18:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7816]: pam_unix(cron:session): session closed for user p13x
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7884]: Successful su for rubyman by root
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7884]: + ??? root:rubyman
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380453 of user rubyman.
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7884]: pam_unix(su:session): session closed for user rubyman
May 12 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380453.
May 12 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session closed for user root
May 12 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7817]: pam_unix(cron:session): session closed for user samftp
May 12 18:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Invalid user abc from 193.32.162.157
May 12 18:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: input_userauth_request: invalid user abc [preauth]
May 12 18:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Failed password for invalid user abc from 193.32.162.157 port 40204 ssh2
May 12 18:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Connection closed by 193.32.162.157 port 40204 [preauth]
May 12 18:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Invalid user zn from 193.32.162.157
May 12 18:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: input_userauth_request: invalid user zn [preauth]
May 12 18:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6732]: pam_unix(cron:session): session closed for user root
May 12 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Failed password for invalid user zn from 193.32.162.157 port 51420 ssh2
May 12 18:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Connection closed by 193.32.162.157 port 51420 [preauth]
May 12 18:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: Invalid user abc from 193.32.162.157
May 12 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: input_userauth_request: invalid user abc [preauth]
May 12 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: Failed password for invalid user abc from 193.32.162.157 port 46058 ssh2
May 12 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: Connection closed by 193.32.162.157 port 46058 [preauth]
May 12 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8256]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8256]: pam_unix(cron:session): session closed for user root
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session closed for user p13x
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8327]: Successful su for rubyman by root
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8327]: + ??? root:rubyman
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380457 of user rubyman.
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8327]: pam_unix(su:session): session closed for user rubyman
May 12 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380457.
May 12 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session closed for user root
May 12 18:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user samftp
May 12 18:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Invalid user zz from 193.32.162.157
May 12 18:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: input_userauth_request: invalid user zz [preauth]
May 12 18:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Failed password for invalid user zz from 193.32.162.157 port 52154 ssh2
May 12 18:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Connection closed by 193.32.162.157 port 52154 [preauth]
May 12 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Invalid user mapserver from 83.235.16.111
May 12 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: input_userauth_request: invalid user mapserver [preauth]
May 12 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Failed password for invalid user mapserver from 83.235.16.111 port 40382 ssh2
May 12 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Received disconnect from 83.235.16.111 port 40382:11: Bye Bye [preauth]
May 12 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Disconnected from 83.235.16.111 port 40382 [preauth]
May 12 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 18:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: Failed password for root from 218.92.0.201 port 65404 ssh2
May 12 18:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 65404 ssh2]
May 12 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7260]: pam_unix(cron:session): session closed for user root
May 12 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: Failed password for root from 218.92.0.201 port 65404 ssh2
May 12 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: Failed password for root from 218.92.0.201 port 65404 ssh2
May 12 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 65404 ssh2 [preauth]
May 12 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: Disconnecting: Too many authentication failures [preauth]
May 12 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8562]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 18:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 18:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Failed password for root from 218.92.0.201 port 9010 ssh2
May 12 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: message repeated 5 times: [ Failed password for root from 218.92.0.201 port 9010 ssh2]
May 12 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 9010 ssh2 [preauth]
May 12 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Disconnecting: Too many authentication failures [preauth]
May 12 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May 12 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8692]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8693]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session closed for user p13x
May 12 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: Successful su for rubyman by root
May 12 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: + ??? root:rubyman
May 12 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380462 of user rubyman.
May 12 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: pam_unix(su:session): session closed for user rubyman
May 12 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380462.
May 12 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5896]: pam_unix(cron:session): session closed for user root
May 12 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8691]: pam_unix(cron:session): session closed for user samftp
May 12 18:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session closed for user root
May 12 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: Failed password for root from 51.79.167.0 port 54800 ssh2
May 12 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: Received disconnect from 51.79.167.0 port 54800:11: Bye Bye [preauth]
May 12 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: Disconnected from 51.79.167.0 port 54800 [preauth]
May 12 18:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Invalid user test from 83.235.16.111
May 12 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: input_userauth_request: invalid user test [preauth]
May 12 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Failed password for invalid user test from 83.235.16.111 port 47618 ssh2
May 12 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Received disconnect from 83.235.16.111 port 47618:11: Bye Bye [preauth]
May 12 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Disconnected from 83.235.16.111 port 47618 [preauth]
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9110]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9108]: pam_unix(cron:session): session closed for user p13x
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: Successful su for rubyman by root
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: + ??? root:rubyman
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380467 of user rubyman.
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: pam_unix(su:session): session closed for user rubyman
May 12 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380467.
May 12 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session closed for user root
May 12 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9109]: pam_unix(cron:session): session closed for user samftp
May 12 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9624]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9626]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9625]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session closed for user root
May 12 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session closed for user p13x
May 12 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9695]: Successful su for rubyman by root
May 12 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9695]: + ??? root:rubyman
May 12 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380471 of user rubyman.
May 12 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9695]: pam_unix(su:session): session closed for user rubyman
May 12 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380471.
May 12 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6731]: pam_unix(cron:session): session closed for user root
May 12 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9624]: pam_unix(cron:session): session closed for user root
May 12 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session closed for user samftp
May 12 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Invalid user poc from 118.107.44.111
May 12 18:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: input_userauth_request: invalid user poc [preauth]
May 12 18:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Failed password for invalid user poc from 118.107.44.111 port 36980 ssh2
May 12 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Received disconnect from 118.107.44.111 port 36980:11: Bye Bye [preauth]
May 12 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Disconnected from 118.107.44.111 port 36980 [preauth]
May 12 18:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Invalid user nexus from 83.235.16.111
May 12 18:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: input_userauth_request: invalid user nexus [preauth]
May 12 18:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May 12 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Failed password for invalid user nexus from 83.235.16.111 port 54864 ssh2
May 12 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Received disconnect from 83.235.16.111 port 54864:11: Bye Bye [preauth]
May 12 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Disconnected from 83.235.16.111 port 54864 [preauth]
May 12 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8693]: pam_unix(cron:session): session closed for user root
May 12 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10064]: pam_unix(cron:session): session closed for user p13x
May 12 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: Successful su for rubyman by root
May 12 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: + ??? root:rubyman
May 12 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380476 of user rubyman.
May 12 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: pam_unix(su:session): session closed for user rubyman
May 12 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380476.
May 12 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7259]: pam_unix(cron:session): session closed for user root
May 12 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session closed for user samftp
May 12 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Failed password for root from 103.112.131.70 port 32848 ssh2
May 12 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Received disconnect from 103.112.131.70 port 32848:11: Bye Bye [preauth]
May 12 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Disconnected from 103.112.131.70 port 32848 [preauth]
May 12 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9111]: pam_unix(cron:session): session closed for user root
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10582]: pam_unix(cron:session): session closed for user p13x
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: Successful su for rubyman by root
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: + ??? root:rubyman
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380480 of user rubyman.
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: pam_unix(su:session): session closed for user rubyman
May 12 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380480.
May 12 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session closed for user root
May 12 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session closed for user samftp
May 12 18:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Failed password for root from 218.92.0.179 port 47059 ssh2
May 12 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 47059 ssh2]
May 12 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Received disconnect from 218.92.0.179 port 47059:11:  [preauth]
May 12 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Disconnected from 218.92.0.179 port 47059 [preauth]
May 12 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9626]: pam_unix(cron:session): session closed for user root
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11035]: pam_unix(cron:session): session closed for user p13x
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11099]: Successful su for rubyman by root
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11099]: + ??? root:rubyman
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380486 of user rubyman.
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11099]: pam_unix(su:session): session closed for user rubyman
May 12 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380486.
May 12 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user root
May 12 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session closed for user samftp
May 12 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10068]: pam_unix(cron:session): session closed for user root
May 12 18:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Invalid user oussama from 51.79.167.0
May 12 18:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: input_userauth_request: invalid user oussama [preauth]
May 12 18:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11426]: pam_unix(cron:session): session closed for user p13x
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Failed password for invalid user oussama from 51.79.167.0 port 38736 ssh2
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: Successful su for rubyman by root
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: + ??? root:rubyman
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380488 of user rubyman.
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: pam_unix(su:session): session closed for user rubyman
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380488.
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Received disconnect from 51.79.167.0 port 38736:11: Bye Bye [preauth]
May 12 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Disconnected from 51.79.167.0 port 38736 [preauth]
May 12 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8692]: pam_unix(cron:session): session closed for user root
May 12 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11427]: pam_unix(cron:session): session closed for user samftp
May 12 18:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Invalid user ionela from 118.107.44.111
May 12 18:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: input_userauth_request: invalid user ionela [preauth]
May 12 18:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Failed password for invalid user ionela from 118.107.44.111 port 36400 ssh2
May 12 18:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Received disconnect from 118.107.44.111 port 36400:11: Bye Bye [preauth]
May 12 18:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Disconnected from 118.107.44.111 port 36400 [preauth]
May 12 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session closed for user root
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user root
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11829]: pam_unix(cron:session): session closed for user p13x
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11898]: Successful su for rubyman by root
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11898]: + ??? root:rubyman
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380495 of user rubyman.
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11898]: pam_unix(su:session): session closed for user rubyman
May 12 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380495.
May 12 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11831]: pam_unix(cron:session): session closed for user root
May 12 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9110]: pam_unix(cron:session): session closed for user root
May 12 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11830]: pam_unix(cron:session): session closed for user samftp
May 12 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Invalid user admin from 80.94.95.112
May 12 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: input_userauth_request: invalid user admin [preauth]
May 12 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session closed for user root
May 12 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user admin from 80.94.95.112 port 13037 ssh2
May 12 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user admin from 80.94.95.112 port 13037 ssh2
May 12 18:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user admin from 80.94.95.112 port 13037 ssh2
May 12 18:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user admin from 80.94.95.112 port 13037 ssh2
May 12 18:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user admin from 80.94.95.112 port 13037 ssh2
May 12 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Received disconnect from 80.94.95.112 port 13037:11: Bye [preauth]
May 12 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Disconnected from 80.94.95.112 port 13037 [preauth]
May 12 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12247]: pam_unix(cron:session): session closed for user p13x
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12331]: Successful su for rubyman by root
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12331]: + ??? root:rubyman
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380499 of user rubyman.
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12331]: pam_unix(su:session): session closed for user rubyman
May 12 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380499.
May 12 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9625]: pam_unix(cron:session): session closed for user root
May 12 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12248]: pam_unix(cron:session): session closed for user samftp
May 12 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Invalid user user-backup from 118.107.44.111
May 12 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: input_userauth_request: invalid user user-backup [preauth]
May 12 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Failed password for invalid user user-backup from 118.107.44.111 port 43320 ssh2
May 12 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Received disconnect from 118.107.44.111 port 43320:11: Bye Bye [preauth]
May 12 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Disconnected from 118.107.44.111 port 43320 [preauth]
May 12 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11429]: pam_unix(cron:session): session closed for user root
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12662]: pam_unix(cron:session): session closed for user p13x
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: Successful su for rubyman by root
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: + ??? root:rubyman
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380502 of user rubyman.
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: pam_unix(su:session): session closed for user rubyman
May 12 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380502.
May 12 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10066]: pam_unix(cron:session): session closed for user root
May 12 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session closed for user samftp
May 12 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Failed password for root from 80.94.95.125 port 56547 ssh2
May 12 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Received disconnect from 80.94.95.125 port 56547:11: Bye [preauth]
May 12 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Disconnected from 80.94.95.125 port 56547 [preauth]
May 12 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Invalid user vishnu from 103.112.131.70
May 12 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: input_userauth_request: invalid user vishnu [preauth]
May 12 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 18:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user vishnu from 103.112.131.70 port 49976 ssh2
May 12 18:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Received disconnect from 103.112.131.70 port 49976:11: Bye Bye [preauth]
May 12 18:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Disconnected from 103.112.131.70 port 49976 [preauth]
May 12 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user root
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session closed for user p13x
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: Successful su for rubyman by root
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: + ??? root:rubyman
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380507 of user rubyman.
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: pam_unix(su:session): session closed for user rubyman
May 12 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380507.
May 12 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session closed for user root
May 12 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13062]: pam_unix(cron:session): session closed for user samftp
May 12 18:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Invalid user es from 118.107.44.111
May 12 18:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: input_userauth_request: invalid user es [preauth]
May 12 18:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Failed password for invalid user es from 118.107.44.111 port 50240 ssh2
May 12 18:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Received disconnect from 118.107.44.111 port 50240:11: Bye Bye [preauth]
May 12 18:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Disconnected from 118.107.44.111 port 50240 [preauth]
May 12 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12250]: pam_unix(cron:session): session closed for user root
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user p13x
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13618]: Successful su for rubyman by root
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13618]: + ??? root:rubyman
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380511 of user rubyman.
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13618]: pam_unix(su:session): session closed for user rubyman
May 12 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380511.
May 12 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session closed for user root
May 12 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user samftp
May 12 18:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Invalid user landi from 51.79.167.0
May 12 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: input_userauth_request: invalid user landi [preauth]
May 12 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Failed password for invalid user landi from 51.79.167.0 port 50886 ssh2
May 12 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Received disconnect from 51.79.167.0 port 50886:11: Bye Bye [preauth]
May 12 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Disconnected from 51.79.167.0 port 50886 [preauth]
May 12 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session closed for user root
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session closed for user root
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session closed for user p13x
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: Successful su for rubyman by root
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: + ??? root:rubyman
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380518 of user rubyman.
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session closed for user rubyman
May 12 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380518.
May 12 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user root
May 12 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11428]: pam_unix(cron:session): session closed for user root
May 12 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user samftp
May 12 18:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Invalid user dw from 118.107.44.111
May 12 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: input_userauth_request: invalid user dw [preauth]
May 12 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Failed password for invalid user dw from 118.107.44.111 port 57162 ssh2
May 12 18:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Received disconnect from 118.107.44.111 port 57162:11: Bye Bye [preauth]
May 12 18:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Disconnected from 118.107.44.111 port 57162 [preauth]
May 12 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session closed for user root
May 12 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session closed for user p13x
May 12 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: Successful su for rubyman by root
May 12 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: + ??? root:rubyman
May 12 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380520 of user rubyman.
May 12 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: pam_unix(su:session): session closed for user rubyman
May 12 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380520.
May 12 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session closed for user root
May 12 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session closed for user samftp
May 12 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session closed for user root
May 12 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14818]: pam_unix(cron:session): session closed for user p13x
May 12 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: Successful su for rubyman by root
May 12 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: + ??? root:rubyman
May 12 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380524 of user rubyman.
May 12 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: pam_unix(su:session): session closed for user rubyman
May 12 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380524.
May 12 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12249]: pam_unix(cron:session): session closed for user root
May 12 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14819]: pam_unix(cron:session): session closed for user samftp
May 12 18:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Invalid user gg from 118.107.44.111
May 12 18:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: input_userauth_request: invalid user gg [preauth]
May 12 18:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Failed password for invalid user gg from 118.107.44.111 port 35860 ssh2
May 12 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Received disconnect from 118.107.44.111 port 35860:11: Bye Bye [preauth]
May 12 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Disconnected from 118.107.44.111 port 35860 [preauth]
May 12 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user root
May 12 18:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Failed password for root from 218.92.0.215 port 39954 ssh2
May 12 18:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15224]: pam_unix(cron:session): session closed for user p13x
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: Successful su for rubyman by root
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: + ??? root:rubyman
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380528 of user rubyman.
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: pam_unix(su:session): session closed for user rubyman
May 12 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380528.
May 12 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session closed for user root
May 12 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15225]: pam_unix(cron:session): session closed for user samftp
May 12 18:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Invalid user op from 103.112.131.70
May 12 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: input_userauth_request: invalid user op [preauth]
May 12 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 18:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Failed password for invalid user op from 103.112.131.70 port 58636 ssh2
May 12 18:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Received disconnect from 103.112.131.70 port 58636:11: Bye Bye [preauth]
May 12 18:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Disconnected from 103.112.131.70 port 58636 [preauth]
May 12 18:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Invalid user admin from 45.6.188.43
May 12 18:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: input_userauth_request: invalid user admin [preauth]
May 12 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 18:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Failed password for invalid user admin from 45.6.188.43 port 46372 ssh2
May 12 18:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Connection closed by 45.6.188.43 port 46372 [preauth]
May 12 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session closed for user root
May 12 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15623]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session closed for user p13x
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: Successful su for rubyman by root
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: + ??? root:rubyman
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380532 of user rubyman.
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15688]: pam_unix(su:session): session closed for user rubyman
May 12 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380532.
May 12 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Invalid user webserver from 118.107.44.111
May 12 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: input_userauth_request: invalid user webserver [preauth]
May 12 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session closed for user root
May 12 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Failed password for invalid user webserver from 118.107.44.111 port 42782 ssh2
May 12 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Received disconnect from 118.107.44.111 port 42782:11: Bye Bye [preauth]
May 12 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Disconnected from 118.107.44.111 port 42782 [preauth]
May 12 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15621]: pam_unix(cron:session): session closed for user samftp
May 12 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Invalid user debian from 51.79.167.0
May 12 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: input_userauth_request: invalid user debian [preauth]
May 12 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session closed for user root
May 12 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Failed password for invalid user debian from 51.79.167.0 port 34764 ssh2
May 12 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Received disconnect from 51.79.167.0 port 34764:11: Bye Bye [preauth]
May 12 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Disconnected from 51.79.167.0 port 34764 [preauth]
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session closed for user root
May 12 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16028]: pam_unix(cron:session): session closed for user p13x
May 12 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16095]: Successful su for rubyman by root
May 12 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16095]: + ??? root:rubyman
May 12 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380536 of user rubyman.
May 12 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16095]: pam_unix(su:session): session closed for user rubyman
May 12 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380536.
May 12 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session closed for user root
May 12 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
May 12 18:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16029]: pam_unix(cron:session): session closed for user samftp
May 12 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15227]: pam_unix(cron:session): session closed for user root
May 12 18:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: User games from 118.107.44.111 not allowed because not listed in AllowUsers
May 12 18:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: input_userauth_request: invalid user games [preauth]
May 12 18:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111  user=games
May 12 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: Failed password for invalid user games from 118.107.44.111 port 49704 ssh2
May 12 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: Received disconnect from 118.107.44.111 port 49704:11: Bye Bye [preauth]
May 12 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: Disconnected from 118.107.44.111 port 49704 [preauth]
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user p13x
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16541]: Successful su for rubyman by root
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16541]: + ??? root:rubyman
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380542 of user rubyman.
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16541]: pam_unix(su:session): session closed for user rubyman
May 12 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380542.
May 12 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user root
May 12 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session closed for user samftp
May 12 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15623]: pam_unix(cron:session): session closed for user root
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16914]: pam_unix(cron:session): session closed for user p13x
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16990]: Successful su for rubyman by root
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16990]: + ??? root:rubyman
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380548 of user rubyman.
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16990]: pam_unix(su:session): session closed for user rubyman
May 12 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380548.
May 12 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session closed for user root
May 12 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16915]: pam_unix(cron:session): session closed for user samftp
May 12 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session closed for user root
May 12 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Failed password for root from 80.94.95.15 port 48477 ssh2
May 12 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: message repeated 4 times: [ Failed password for root from 80.94.95.15 port 48477 ssh2]
May 12 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Received disconnect from 80.94.95.15 port 48477:11: Bye [preauth]
May 12 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Disconnected from 80.94.95.15 port 48477 [preauth]
May 12 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 18:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Invalid user artem from 118.107.44.111
May 12 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: input_userauth_request: invalid user artem [preauth]
May 12 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Failed password for invalid user artem from 118.107.44.111 port 56626 ssh2
May 12 18:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Received disconnect from 118.107.44.111 port 56626:11: Bye Bye [preauth]
May 12 18:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Disconnected from 118.107.44.111 port 56626 [preauth]
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user p13x
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: Successful su for rubyman by root
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: + ??? root:rubyman
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380552 of user rubyman.
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: pam_unix(su:session): session closed for user rubyman
May 12 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380552.
May 12 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session closed for user root
May 12 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session closed for user samftp
May 12 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user root
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session closed for user p13x
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17990]: Successful su for rubyman by root
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17990]: + ??? root:rubyman
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380557 of user rubyman.
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17990]: pam_unix(su:session): session closed for user rubyman
May 12 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380557.
May 12 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session closed for user root
May 12 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15226]: pam_unix(cron:session): session closed for user root
May 12 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session closed for user samftp
May 12 18:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: Invalid user ubuntu from 103.112.131.70
May 12 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: input_userauth_request: invalid user ubuntu [preauth]
May 12 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: Failed password for invalid user ubuntu from 103.112.131.70 port 54996 ssh2
May 12 18:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: Received disconnect from 103.112.131.70 port 54996:11: Bye Bye [preauth]
May 12 18:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: Disconnected from 103.112.131.70 port 54996 [preauth]
May 12 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session closed for user root
May 12 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 18:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Failed password for root from 51.79.167.0 port 47206 ssh2
May 12 18:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Received disconnect from 51.79.167.0 port 47206:11: Bye Bye [preauth]
May 12 18:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Disconnected from 51.79.167.0 port 47206 [preauth]
May 12 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Invalid user wyk from 118.107.44.111
May 12 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: input_userauth_request: invalid user wyk [preauth]
May 12 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Failed password for invalid user wyk from 118.107.44.111 port 35314 ssh2
May 12 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Received disconnect from 118.107.44.111 port 35314:11: Bye Bye [preauth]
May 12 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Disconnected from 118.107.44.111 port 35314 [preauth]
May 12 18:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Failed password for root from 218.92.0.179 port 29532 ssh2
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18380]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18384]: pam_unix(cron:session): session closed for user root
May 12 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18378]: pam_unix(cron:session): session closed for user p13x
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18455]: Successful su for rubyman by root
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18455]: + ??? root:rubyman
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380561 of user rubyman.
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18455]: pam_unix(su:session): session closed for user rubyman
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380561.
May 12 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Failed password for root from 218.92.0.179 port 29532 ssh2
May 12 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18380]: pam_unix(cron:session): session closed for user root
May 12 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session closed for user root
May 12 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Failed password for root from 218.92.0.179 port 29532 ssh2
May 12 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Received disconnect from 218.92.0.179 port 29532:11:  [preauth]
May 12 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Disconnected from 218.92.0.179 port 29532 [preauth]
May 12 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18543]: Failed password for root from 80.94.95.125 port 26617 ssh2
May 12 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18543]: Received disconnect from 80.94.95.125 port 26617:11: Bye [preauth]
May 12 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18543]: Disconnected from 80.94.95.125 port 26617 [preauth]
May 12 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18379]: pam_unix(cron:session): session closed for user samftp
May 12 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session closed for user root
May 12 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user p13x
May 12 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: Successful su for rubyman by root
May 12 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: + ??? root:rubyman
May 12 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380567 of user rubyman.
May 12 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: pam_unix(su:session): session closed for user rubyman
May 12 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380567.
May 12 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session closed for user root
May 12 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session closed for user samftp
May 12 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session closed for user root
May 12 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Invalid user host from 118.107.44.111
May 12 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: input_userauth_request: invalid user host [preauth]
May 12 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Failed password for invalid user host from 118.107.44.111 port 42234 ssh2
May 12 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Received disconnect from 118.107.44.111 port 42234:11: Bye Bye [preauth]
May 12 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Disconnected from 118.107.44.111 port 42234 [preauth]
May 12 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user p13x
May 12 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: Successful su for rubyman by root
May 12 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: + ??? root:rubyman
May 12 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380571 of user rubyman.
May 12 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: pam_unix(su:session): session closed for user rubyman
May 12 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380571.
May 12 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session closed for user root
May 12 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session closed for user samftp
May 12 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18383]: pam_unix(cron:session): session closed for user root
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19660]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19659]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19657]: pam_unix(cron:session): session closed for user p13x
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: Successful su for rubyman by root
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: + ??? root:rubyman
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380574 of user rubyman.
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: pam_unix(su:session): session closed for user rubyman
May 12 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380574.
May 12 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session closed for user root
May 12 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19658]: pam_unix(cron:session): session closed for user samftp
May 12 18:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Invalid user eduard from 190.103.202.7
May 12 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: input_userauth_request: invalid user eduard [preauth]
May 12 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 18:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Failed password for invalid user eduard from 190.103.202.7 port 54256 ssh2
May 12 18:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Connection closed by 190.103.202.7 port 54256 [preauth]
May 12 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session closed for user root
May 12 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Invalid user webserver from 118.107.44.111
May 12 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: input_userauth_request: invalid user webserver [preauth]
May 12 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Failed password for invalid user webserver from 118.107.44.111 port 49154 ssh2
May 12 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Received disconnect from 118.107.44.111 port 49154:11: Bye Bye [preauth]
May 12 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Disconnected from 118.107.44.111 port 49154 [preauth]
May 12 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20080]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20078]: pam_unix(cron:session): session closed for user p13x
May 12 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: Successful su for rubyman by root
May 12 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: + ??? root:rubyman
May 12 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380578 of user rubyman.
May 12 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: pam_unix(su:session): session closed for user rubyman
May 12 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380578.
May 12 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session closed for user root
May 12 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20079]: pam_unix(cron:session): session closed for user samftp
May 12 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session closed for user root
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session closed for user root
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session closed for user p13x
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: Successful su for rubyman by root
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: + ??? root:rubyman
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380583 of user rubyman.
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: pam_unix(su:session): session closed for user rubyman
May 12 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380583.
May 12 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Invalid user mapserver from 51.79.167.0
May 12 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: input_userauth_request: invalid user mapserver [preauth]
May 12 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session closed for user root
May 12 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user root
May 12 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Failed password for invalid user mapserver from 51.79.167.0 port 59292 ssh2
May 12 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Failed password for root from 103.112.131.70 port 42984 ssh2
May 12 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Received disconnect from 51.79.167.0 port 59292:11: Bye Bye [preauth]
May 12 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Disconnected from 51.79.167.0 port 59292 [preauth]
May 12 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Received disconnect from 103.112.131.70 port 42984:11: Bye Bye [preauth]
May 12 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Disconnected from 103.112.131.70 port 42984 [preauth]
May 12 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session closed for user samftp
May 12 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19660]: pam_unix(cron:session): session closed for user root
May 12 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: Invalid user quentin from 118.107.44.111
May 12 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: input_userauth_request: invalid user quentin [preauth]
May 12 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: Failed password for invalid user quentin from 118.107.44.111 port 56074 ssh2
May 12 18:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: Received disconnect from 118.107.44.111 port 56074:11: Bye Bye [preauth]
May 12 18:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20873]: Disconnected from 118.107.44.111 port 56074 [preauth]
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session closed for user p13x
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: Successful su for rubyman by root
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: + ??? root:rubyman
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380588 of user rubyman.
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: pam_unix(su:session): session closed for user rubyman
May 12 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380588.
May 12 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18381]: pam_unix(cron:session): session closed for user root
May 12 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user samftp
May 12 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session closed for user root
May 12 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session closed for user p13x
May 12 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21440]: Successful su for rubyman by root
May 12 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21440]: + ??? root:rubyman
May 12 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380594 of user rubyman.
May 12 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21440]: pam_unix(su:session): session closed for user rubyman
May 12 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380594.
May 12 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user root
May 12 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session closed for user samftp
May 12 18:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: Invalid user tomcat1 from 118.107.44.111
May 12 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: input_userauth_request: invalid user tomcat1 [preauth]
May 12 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session closed for user root
May 12 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: Failed password for invalid user tomcat1 from 118.107.44.111 port 34764 ssh2
May 12 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: Received disconnect from 118.107.44.111 port 34764:11: Bye Bye [preauth]
May 12 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: Disconnected from 118.107.44.111 port 34764 [preauth]
May 12 18:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session closed for user p13x
May 12 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: Successful su for rubyman by root
May 12 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: + ??? root:rubyman
May 12 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380597 of user rubyman.
May 12 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session closed for user rubyman
May 12 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380597.
May 12 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user root
May 12 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session closed for user samftp
May 12 18:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Failed password for root from 218.92.0.179 port 55876 ssh2
May 12 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55876 ssh2]
May 12 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Received disconnect from 218.92.0.179 port 55876:11:  [preauth]
May 12 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Disconnected from 218.92.0.179 port 55876 [preauth]
May 12 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user root
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session closed for user p13x
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: Successful su for rubyman by root
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: + ??? root:rubyman
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380601 of user rubyman.
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: pam_unix(su:session): session closed for user rubyman
May 12 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380601.
May 12 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19659]: pam_unix(cron:session): session closed for user root
May 12 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22587]: pam_unix(cron:session): session closed for user samftp
May 12 18:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Invalid user audit from 118.107.44.111
May 12 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: input_userauth_request: invalid user audit [preauth]
May 12 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Failed password for invalid user audit from 118.107.44.111 port 41686 ssh2
May 12 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Received disconnect from 118.107.44.111 port 41686:11: Bye Bye [preauth]
May 12 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Disconnected from 118.107.44.111 port 41686 [preauth]
May 12 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21384]: pam_unix(cron:session): session closed for user root
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session closed for user root
May 12 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23053]: pam_unix(cron:session): session closed for user p13x
May 12 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: Successful su for rubyman by root
May 12 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: + ??? root:rubyman
May 12 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380603 of user rubyman.
May 12 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: pam_unix(su:session): session closed for user rubyman
May 12 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380603.
May 12 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20080]: pam_unix(cron:session): session closed for user root
May 12 18:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session closed for user root
May 12 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23054]: pam_unix(cron:session): session closed for user samftp
May 12 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Invalid user webapps from 51.79.167.0
May 12 18:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: input_userauth_request: invalid user webapps [preauth]
May 12 18:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Failed password for invalid user webapps from 51.79.167.0 port 43524 ssh2
May 12 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Received disconnect from 51.79.167.0 port 43524:11: Bye Bye [preauth]
May 12 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Disconnected from 51.79.167.0 port 43524 [preauth]
May 12 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user root
May 12 18:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23585]: pam_unix(cron:session): session closed for user p13x
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23660]: Successful su for rubyman by root
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23660]: + ??? root:rubyman
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380610 of user rubyman.
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23660]: pam_unix(su:session): session closed for user rubyman
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380610.
May 12 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: Failed password for root from 103.112.131.70 port 37808 ssh2
May 12 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: Received disconnect from 103.112.131.70 port 37808:11: Bye Bye [preauth]
May 12 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: Disconnected from 103.112.131.70 port 37808 [preauth]
May 12 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session closed for user root
May 12 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23587]: pam_unix(cron:session): session closed for user samftp
May 12 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Invalid user didi from 118.107.44.111
May 12 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: input_userauth_request: invalid user didi [preauth]
May 12 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Failed password for invalid user didi from 118.107.44.111 port 48608 ssh2
May 12 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Received disconnect from 118.107.44.111 port 48608:11: Bye Bye [preauth]
May 12 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Disconnected from 118.107.44.111 port 48608 [preauth]
May 12 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22589]: pam_unix(cron:session): session closed for user root
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24123]: pam_unix(cron:session): session closed for user p13x
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24190]: Successful su for rubyman by root
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24190]: + ??? root:rubyman
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380615 of user rubyman.
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24190]: pam_unix(su:session): session closed for user rubyman
May 12 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380615.
May 12 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user root
May 12 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24124]: pam_unix(cron:session): session closed for user samftp
May 12 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session closed for user root
May 12 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Invalid user test from 80.94.95.125
May 12 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: input_userauth_request: invalid user test [preauth]
May 12 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Failed password for invalid user test from 80.94.95.125 port 13839 ssh2
May 12 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Received disconnect from 80.94.95.125 port 13839:11: Bye [preauth]
May 12 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Disconnected from 80.94.95.125 port 13839 [preauth]
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user p13x
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: Successful su for rubyman by root
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: + ??? root:rubyman
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380619 of user rubyman.
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: pam_unix(su:session): session closed for user rubyman
May 12 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380619.
May 12 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21383]: pam_unix(cron:session): session closed for user root
May 12 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session closed for user samftp
May 12 18:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Invalid user user from 118.107.44.111
May 12 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: input_userauth_request: invalid user user [preauth]
May 12 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Failed password for invalid user user from 118.107.44.111 port 55528 ssh2
May 12 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Received disconnect from 118.107.44.111 port 55528:11: Bye Bye [preauth]
May 12 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Disconnected from 118.107.44.111 port 55528 [preauth]
May 12 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session closed for user root
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24986]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24984]: pam_unix(cron:session): session closed for user p13x
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25046]: Successful su for rubyman by root
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25046]: + ??? root:rubyman
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380623 of user rubyman.
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25046]: pam_unix(su:session): session closed for user rubyman
May 12 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380623.
May 12 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session closed for user root
May 12 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24985]: pam_unix(cron:session): session closed for user samftp
May 12 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user root
May 12 18:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25400]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25400]: pam_unix(cron:session): session closed for user root
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25395]: pam_unix(cron:session): session closed for user p13x
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for root from 218.92.0.179 port 33475 ssh2
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: Successful su for rubyman by root
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: + ??? root:rubyman
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380627 of user rubyman.
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: pam_unix(su:session): session closed for user rubyman
May 12 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380627.
May 12 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for root from 218.92.0.179 port 33475 ssh2
May 12 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session closed for user root
May 12 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22588]: pam_unix(cron:session): session closed for user root
May 12 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for root from 218.92.0.179 port 33475 ssh2
May 12 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Received disconnect from 218.92.0.179 port 33475:11:  [preauth]
May 12 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Disconnected from 218.92.0.179 port 33475 [preauth]
May 12 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session closed for user samftp
May 12 18:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Invalid user vikas from 118.107.44.111
May 12 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: input_userauth_request: invalid user vikas [preauth]
May 12 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Failed password for invalid user vikas from 118.107.44.111 port 34218 ssh2
May 12 18:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Received disconnect from 118.107.44.111 port 34218:11: Bye Bye [preauth]
May 12 18:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Disconnected from 118.107.44.111 port 34218 [preauth]
May 12 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session closed for user root
May 12 18:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Failed password for root from 51.79.167.0 port 55634 ssh2
May 12 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Received disconnect from 51.79.167.0 port 55634:11: Bye Bye [preauth]
May 12 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Disconnected from 51.79.167.0 port 55634 [preauth]
May 12 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25924]: pam_unix(cron:session): session closed for user p13x
May 12 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: Successful su for rubyman by root
May 12 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: + ??? root:rubyman
May 12 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380631 of user rubyman.
May 12 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: pam_unix(su:session): session closed for user rubyman
May 12 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380631.
May 12 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23056]: pam_unix(cron:session): session closed for user root
May 12 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25925]: pam_unix(cron:session): session closed for user samftp
May 12 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session closed for user root
May 12 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session closed for user p13x
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: Successful su for rubyman by root
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: + ??? root:rubyman
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380637 of user rubyman.
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: pam_unix(su:session): session closed for user rubyman
May 12 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380637.
May 12 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Failed password for root from 103.112.131.70 port 58294 ssh2
May 12 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Received disconnect from 103.112.131.70 port 58294:11: Bye Bye [preauth]
May 12 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Disconnected from 103.112.131.70 port 58294 [preauth]
May 12 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session closed for user root
May 12 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session closed for user samftp
May 12 18:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Invalid user amssys from 118.107.44.111
May 12 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: input_userauth_request: invalid user amssys [preauth]
May 12 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Failed password for invalid user amssys from 118.107.44.111 port 41140 ssh2
May 12 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Received disconnect from 118.107.44.111 port 41140:11: Bye Bye [preauth]
May 12 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Disconnected from 118.107.44.111 port 41140 [preauth]
May 12 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Did not receive identification string from 221.179.57.254
May 12 18:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session closed for user root
May 12 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Invalid user  from 196.251.88.103
May 12 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: input_userauth_request: invalid user  [preauth]
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26867]: pam_unix(cron:session): session closed for user p13x
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26969]: Successful su for rubyman by root
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26969]: + ??? root:rubyman
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380640 of user rubyman.
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26969]: pam_unix(su:session): session closed for user rubyman
May 12 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380640.
May 12 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Connection closed by 196.251.88.103 port 42196 [preauth]
May 12 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24125]: pam_unix(cron:session): session closed for user root
May 12 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26869]: pam_unix(cron:session): session closed for user samftp
May 12 18:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Invalid user admin from 80.94.95.112
May 12 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: input_userauth_request: invalid user admin [preauth]
May 12 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for invalid user admin from 80.94.95.112 port 53167 ssh2
May 12 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for invalid user admin from 80.94.95.112 port 53167 ssh2
May 12 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for invalid user admin from 80.94.95.112 port 53167 ssh2
May 12 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for invalid user admin from 80.94.95.112 port 53167 ssh2
May 12 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for invalid user admin from 80.94.95.112 port 53167 ssh2
May 12 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Received disconnect from 80.94.95.112 port 53167:11: Bye [preauth]
May 12 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Disconnected from 80.94.95.112 port 53167 [preauth]
May 12 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session closed for user root
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user p13x
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27515]: Successful su for rubyman by root
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27515]: + ??? root:rubyman
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380644 of user rubyman.
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27515]: pam_unix(su:session): session closed for user rubyman
May 12 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380644.
May 12 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session closed for user root
May 12 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user samftp
May 12 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Invalid user cstrike from 118.107.44.111
May 12 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: input_userauth_request: invalid user cstrike [preauth]
May 12 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 18:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for invalid user cstrike from 118.107.44.111 port 48062 ssh2
May 12 18:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Received disconnect from 118.107.44.111 port 48062:11: Bye Bye [preauth]
May 12 18:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Disconnected from 118.107.44.111 port 48062 [preauth]
May 12 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Invalid user abc1 from 193.32.162.157
May 12 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: input_userauth_request: invalid user abc1 [preauth]
May 12 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Failed password for invalid user abc1 from 193.32.162.157 port 11896 ssh2
May 12 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Connection closed by 193.32.162.157 port 11896 [preauth]
May 12 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session closed for user root
May 12 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Invalid user monerod from 193.32.162.157
May 12 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: input_userauth_request: invalid user monerod [preauth]
May 12 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Failed password for invalid user monerod from 193.32.162.157 port 1760 ssh2
May 12 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Connection closed by 193.32.162.157 port 1760 [preauth]
May 12 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Invalid user bbbb from 193.32.162.157
May 12 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: input_userauth_request: invalid user bbbb [preauth]
May 12 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: pam_unix(sshd:auth): check pass; user unknown
May 12 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Failed password for invalid user bbbb from 193.32.162.157 port 13166 ssh2
May 12 18:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Connection closed by 193.32.162.157 port 13166 [preauth]
May 12 18:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user root
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session closed for user root
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session closed for user p13x
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28010]: Successful su for rubyman by root
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28010]: + ??? root:rubyman
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380650 of user rubyman.
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28010]: pam_unix(su:session): session closed for user rubyman
May 12 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380650.
May 12 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user root
May 12 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24986]: pam_unix(cron:session): session closed for user root
May 12 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session closed for user samftp
May 12 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Invalid user bitcoin from 193.32.162.157
May 12 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: input_userauth_request: invalid user bitcoin [preauth]
May 12 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Failed password for invalid user bitcoin from 193.32.162.157 port 24148 ssh2
May 12 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Connection closed by 193.32.162.157 port 24148 [preauth]
May 12 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: Invalid user bb from 193.32.162.157
May 12 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: input_userauth_request: invalid user bb [preauth]
May 12 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: Failed password for invalid user bb from 193.32.162.157 port 21308 ssh2
May 12 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: Connection closed by 193.32.162.157 port 21308 [preauth]
May 12 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user root
May 12 19:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 19:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28413]: Failed password for root from 51.79.167.0 port 39570 ssh2
May 12 19:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28413]: Received disconnect from 51.79.167.0 port 39570:11: Bye Bye [preauth]
May 12 19:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28413]: Disconnected from 51.79.167.0 port 39570 [preauth]
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session closed for user p13x
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: Successful su for rubyman by root
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: + ??? root:rubyman
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380655 of user rubyman.
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: pam_unix(su:session): session closed for user rubyman
May 12 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380655.
May 12 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session closed for user root
May 12 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session closed for user samftp
May 12 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Invalid user MC from 118.107.44.111
May 12 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: input_userauth_request: invalid user MC [preauth]
May 12 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Failed password for invalid user MC from 118.107.44.111 port 54986 ssh2
May 12 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Received disconnect from 118.107.44.111 port 54986:11: Bye Bye [preauth]
May 12 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Disconnected from 118.107.44.111 port 54986 [preauth]
May 12 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
May 12 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 19:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28821]: Failed password for root from 50.235.31.47 port 32926 ssh2
May 12 19:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28821]: Connection closed by 50.235.31.47 port 32926 [preauth]
May 12 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user p13x
May 12 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: Successful su for rubyman by root
May 12 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: + ??? root:rubyman
May 12 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380659 of user rubyman.
May 12 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: pam_unix(su:session): session closed for user rubyman
May 12 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380659.
May 12 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session closed for user root
May 12 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user samftp
May 12 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session closed for user root
May 12 19:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Invalid user auto from 118.107.44.111
May 12 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: input_userauth_request: invalid user auto [preauth]
May 12 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Failed password for invalid user auto from 118.107.44.111 port 33674 ssh2
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: Failed password for root from 103.112.131.70 port 55092 ssh2
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Received disconnect from 118.107.44.111 port 33674:11: Bye Bye [preauth]
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Disconnected from 118.107.44.111 port 33674 [preauth]
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29342]: pam_unix(cron:session): session closed for user p13x
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: Received disconnect from 103.112.131.70 port 55092:11: Bye Bye [preauth]
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: Disconnected from 103.112.131.70 port 55092 [preauth]
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29407]: Successful su for rubyman by root
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29407]: + ??? root:rubyman
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380663 of user rubyman.
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29407]: pam_unix(su:session): session closed for user rubyman
May 12 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380663.
May 12 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session closed for user root
May 12 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29343]: pam_unix(cron:session): session closed for user samftp
May 12 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Failed password for root from 218.92.0.204 port 33036 ssh2
May 12 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 33036 ssh2]
May 12 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 33036 ssh2 [preauth]
May 12 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Disconnecting: Too many authentication failures [preauth]
May 12 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 19:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 19:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 218.92.0.204 port 20674 ssh2
May 12 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 218.92.0.204 port 20674 ssh2
May 12 19:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 218.92.0.204 port 20674 ssh2
May 12 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session closed for user root
May 12 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 218.92.0.204 port 20674 ssh2
May 12 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 20674 ssh2]
May 12 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 20674 ssh2 [preauth]
May 12 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Disconnecting: Too many authentication failures [preauth]
May 12 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: PAM service(sshd) ignoring max retries; 6 > 3
May 12 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Invalid user dev from 196.251.88.103
May 12 19:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: input_userauth_request: invalid user dev [preauth]
May 12 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May 12 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for invalid user dev from 196.251.88.103 port 46122 ssh2
May 12 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Failed password for root from 218.92.0.204 port 1778 ssh2
May 12 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 196.251.88.103 port 46122 [preauth]
May 12 19:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Received disconnect from 218.92.0.204 port 1778:11:  [preauth]
May 12 19:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Disconnected from 218.92.0.204 port 1778 [preauth]
May 12 19:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session closed for user p13x
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29835]: Successful su for rubyman by root
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29835]: + ??? root:rubyman
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380667 of user rubyman.
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29835]: pam_unix(su:session): session closed for user rubyman
May 12 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380667.
May 12 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: Failed password for root from 196.251.88.103 port 52272 ssh2
May 12 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: Connection closed by 196.251.88.103 port 52272 [preauth]
May 12 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user root
May 12 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session closed for user samftp
May 12 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Failed password for root from 196.251.88.103 port 58418 ssh2
May 12 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Connection closed by 196.251.88.103 port 58418 [preauth]
May 12 19:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: User ftp from 196.251.88.103 not allowed because not listed in AllowUsers
May 12 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: input_userauth_request: invalid user ftp [preauth]
May 12 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=ftp
May 12 19:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for invalid user ftp from 196.251.88.103 port 36340 ssh2
May 12 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Connection closed by 196.251.88.103 port 36340 [preauth]
May 12 19:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: Invalid user tomcat from 196.251.88.103
May 12 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: input_userauth_request: invalid user tomcat [preauth]
May 12 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: Failed password for invalid user tomcat from 196.251.88.103 port 42484 ssh2
May 12 19:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: Connection closed by 196.251.88.103 port 42484 [preauth]
May 12 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Invalid user ts from 196.251.88.103
May 12 19:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: input_userauth_request: invalid user ts [preauth]
May 12 19:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Failed password for invalid user ts from 196.251.88.103 port 48630 ssh2
May 12 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Connection closed by 196.251.88.103 port 48630 [preauth]
May 12 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session closed for user root
May 12 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: Invalid user user from 196.251.88.103
May 12 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: input_userauth_request: invalid user user [preauth]
May 12 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: Failed password for invalid user user from 196.251.88.103 port 54776 ssh2
May 12 19:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: Connection closed by 196.251.88.103 port 54776 [preauth]
May 12 19:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Invalid user weblogic from 196.251.88.103
May 12 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: input_userauth_request: invalid user weblogic [preauth]
May 12 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Failed password for invalid user weblogic from 196.251.88.103 port 60920 ssh2
May 12 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Connection closed by 196.251.88.103 port 60920 [preauth]
May 12 19:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Failed password for root from 196.251.88.103 port 38838 ssh2
May 12 19:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Connection closed by 196.251.88.103 port 38838 [preauth]
May 12 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Invalid user utente from 118.107.44.111
May 12 19:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: input_userauth_request: invalid user utente [preauth]
May 12 19:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 19:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Invalid user guest from 196.251.88.103
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: input_userauth_request: invalid user guest [preauth]
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Failed password for invalid user utente from 118.107.44.111 port 40594 ssh2
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Received disconnect from 118.107.44.111 port 40594:11: Bye Bye [preauth]
May 12 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Disconnected from 118.107.44.111 port 40594 [preauth]
May 12 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for invalid user guest from 196.251.88.103 port 44984 ssh2
May 12 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 196.251.88.103 port 44984 [preauth]
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session closed for user root
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session closed for user p13x
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: Successful su for rubyman by root
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: + ??? root:rubyman
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380674 of user rubyman.
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session closed for user rubyman
May 12 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380674.
May 12 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user root
May 12 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Invalid user steam from 196.251.88.103
May 12 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: input_userauth_request: invalid user steam [preauth]
May 12 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user root
May 12 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user samftp
May 12 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Failed password for invalid user steam from 196.251.88.103 port 51136 ssh2
May 12 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Connection closed by 196.251.88.103 port 51136 [preauth]
May 12 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Invalid user minecraft from 196.251.88.103
May 12 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: input_userauth_request: invalid user minecraft [preauth]
May 12 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Failed password for invalid user minecraft from 196.251.88.103 port 57294 ssh2
May 12 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Connection closed by 196.251.88.103 port 57294 [preauth]
May 12 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: Failed password for root from 196.251.88.103 port 35208 ssh2
May 12 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: Connection closed by 196.251.88.103 port 35208 [preauth]
May 12 19:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: Invalid user centos from 196.251.88.103
May 12 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: input_userauth_request: invalid user centos [preauth]
May 12 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: Failed password for invalid user centos from 196.251.88.103 port 41354 ssh2
May 12 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: Connection closed by 196.251.88.103 port 41354 [preauth]
May 12 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29347]: pam_unix(cron:session): session closed for user root
May 12 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Failed password for root from 196.251.88.103 port 47502 ssh2
May 12 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Connection closed by 196.251.88.103 port 47502 [preauth]
May 12 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Invalid user niaoyun from 196.251.88.103
May 12 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: input_userauth_request: invalid user niaoyun [preauth]
May 12 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Failed password for invalid user niaoyun from 196.251.88.103 port 53644 ssh2
May 12 19:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Connection closed by 196.251.88.103 port 53644 [preauth]
May 12 19:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: Invalid user test from 196.251.88.103
May 12 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: input_userauth_request: invalid user test [preauth]
May 12 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Invalid user tomcat from 80.94.95.125
May 12 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: input_userauth_request: invalid user tomcat [preauth]
May 12 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: Failed password for invalid user test from 196.251.88.103 port 59790 ssh2
May 12 19:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: Connection closed by 196.251.88.103 port 59790 [preauth]
May 12 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Failed password for invalid user tomcat from 80.94.95.125 port 48011 ssh2
May 12 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Received disconnect from 80.94.95.125 port 48011:11: Bye [preauth]
May 12 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Disconnected from 80.94.95.125 port 48011 [preauth]
May 12 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Invalid user ubnt from 196.251.88.103
May 12 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: input_userauth_request: invalid user ubnt [preauth]
May 12 19:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Failed password for invalid user ubnt from 196.251.88.103 port 37702 ssh2
May 12 19:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Connection closed by 196.251.88.103 port 37702 [preauth]
May 12 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Invalid user sonar from 196.251.88.103
May 12 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: input_userauth_request: invalid user sonar [preauth]
May 12 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Failed password for invalid user sonar from 196.251.88.103 port 43846 ssh2
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Connection closed by 196.251.88.103 port 43846 [preauth]
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30642]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session closed for user p13x
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30710]: Successful su for rubyman by root
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30710]: + ??? root:rubyman
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380677 of user rubyman.
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30710]: pam_unix(su:session): session closed for user rubyman
May 12 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380677.
May 12 19:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session closed for user root
May 12 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: Invalid user nginx from 196.251.88.103
May 12 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: input_userauth_request: invalid user nginx [preauth]
May 12 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30641]: pam_unix(cron:session): session closed for user samftp
May 12 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: Failed password for invalid user nginx from 196.251.88.103 port 49992 ssh2
May 12 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30880]: Connection closed by 196.251.88.103 port 49992 [preauth]
May 12 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Failed password for root from 196.251.88.103 port 56138 ssh2
May 12 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Connection closed by 196.251.88.103 port 56138 [preauth]
May 12 19:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Invalid user openvpn from 196.251.88.103
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: input_userauth_request: invalid user openvpn [preauth]
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Invalid user deploy from 51.79.167.0
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: input_userauth_request: invalid user deploy [preauth]
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Failed password for invalid user deploy from 51.79.167.0 port 51992 ssh2
May 12 19:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Received disconnect from 51.79.167.0 port 51992:11: Bye Bye [preauth]
May 12 19:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Disconnected from 51.79.167.0 port 51992 [preauth]
May 12 19:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Failed password for invalid user openvpn from 196.251.88.103 port 34052 ssh2
May 12 19:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Connection closed by 196.251.88.103 port 34052 [preauth]
May 12 19:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: Failed password for root from 196.251.88.103 port 40198 ssh2
May 12 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: Connection closed by 196.251.88.103 port 40198 [preauth]
May 12 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session closed for user root
May 12 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Invalid user elasticsearch from 196.251.88.103
May 12 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 19:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Failed password for invalid user elasticsearch from 196.251.88.103 port 46342 ssh2
May 12 19:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Connection closed by 196.251.88.103 port 46342 [preauth]
May 12 19:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Invalid user tom from 196.251.88.103
May 12 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: input_userauth_request: invalid user tom [preauth]
May 12 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Failed password for invalid user tom from 196.251.88.103 port 52486 ssh2
May 12 19:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Connection closed by 196.251.88.103 port 52486 [preauth]
May 12 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for root from 196.251.88.103 port 58634 ssh2
May 12 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Connection closed by 196.251.88.103 port 58634 [preauth]
May 12 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Invalid user igor from 118.107.44.111
May 12 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: input_userauth_request: invalid user igor [preauth]
May 12 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: Invalid user user from 196.251.88.103
May 12 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: input_userauth_request: invalid user user [preauth]
May 12 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Failed password for invalid user igor from 118.107.44.111 port 47516 ssh2
May 12 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Received disconnect from 118.107.44.111 port 47516:11: Bye Bye [preauth]
May 12 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Disconnected from 118.107.44.111 port 47516 [preauth]
May 12 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: Failed password for invalid user user from 196.251.88.103 port 36550 ssh2
May 12 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: Connection closed by 196.251.88.103 port 36550 [preauth]
May 12 19:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31165]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31164]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31162]: pam_unix(cron:session): session closed for user p13x
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: Invalid user docker from 196.251.88.103
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: input_userauth_request: invalid user docker [preauth]
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31224]: Successful su for rubyman by root
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31224]: + ??? root:rubyman
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380682 of user rubyman.
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31224]: pam_unix(su:session): session closed for user rubyman
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380682.
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: Failed password for invalid user docker from 196.251.88.103 port 42692 ssh2
May 12 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session closed for user root
May 12 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: Connection closed by 196.251.88.103 port 42692 [preauth]
May 12 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31163]: pam_unix(cron:session): session closed for user samftp
May 12 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Invalid user docker from 196.251.88.103
May 12 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: input_userauth_request: invalid user docker [preauth]
May 12 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Failed password for invalid user docker from 196.251.88.103 port 48836 ssh2
May 12 19:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Connection closed by 196.251.88.103 port 48836 [preauth]
May 12 19:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: Invalid user oracle from 196.251.88.103
May 12 19:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: input_userauth_request: invalid user oracle [preauth]
May 12 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: Failed password for invalid user oracle from 196.251.88.103 port 54978 ssh2
May 12 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31446]: Connection closed by 196.251.88.103 port 54978 [preauth]
May 12 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Invalid user ftpuser from 196.251.88.103
May 12 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: input_userauth_request: invalid user ftpuser [preauth]
May 12 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Failed password for invalid user ftpuser from 196.251.88.103 port 32892 ssh2
May 12 19:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Connection closed by 196.251.88.103 port 32892 [preauth]
May 12 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Invalid user factorio from 196.251.88.103
May 12 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: input_userauth_request: invalid user factorio [preauth]
May 12 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Failed password for invalid user factorio from 196.251.88.103 port 39038 ssh2
May 12 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Connection closed by 196.251.88.103 port 39038 [preauth]
May 12 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session closed for user root
May 12 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Invalid user dmdba from 196.251.88.103
May 12 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: input_userauth_request: invalid user dmdba [preauth]
May 12 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Failed password for invalid user dmdba from 196.251.88.103 port 45184 ssh2
May 12 19:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Connection closed by 196.251.88.103 port 45184 [preauth]
May 12 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Invalid user g from 196.251.88.103
May 12 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: input_userauth_request: invalid user g [preauth]
May 12 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Failed password for invalid user g from 196.251.88.103 port 51324 ssh2
May 12 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Connection closed by 196.251.88.103 port 51324 [preauth]
May 12 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Invalid user sonar from 196.251.88.103
May 12 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: input_userauth_request: invalid user sonar [preauth]
May 12 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Failed password for invalid user sonar from 196.251.88.103 port 57472 ssh2
May 12 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Connection closed by 196.251.88.103 port 57472 [preauth]
May 12 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Invalid user yealink from 196.251.88.103
May 12 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: input_userauth_request: invalid user yealink [preauth]
May 12 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Failed password for invalid user yealink from 196.251.88.103 port 35386 ssh2
May 12 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Connection closed by 196.251.88.103 port 35386 [preauth]
May 12 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31600]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session closed for user p13x
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31673]: Successful su for rubyman by root
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31673]: + ??? root:rubyman
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380684 of user rubyman.
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31673]: pam_unix(su:session): session closed for user rubyman
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380684.
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: Invalid user lsfadmin from 196.251.88.103
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: input_userauth_request: invalid user lsfadmin [preauth]
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: Failed password for invalid user lsfadmin from 196.251.88.103 port 41530 ssh2
May 12 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May 12 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: Connection closed by 196.251.88.103 port 41530 [preauth]
May 12 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session closed for user samftp
May 12 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Invalid user bot from 196.251.88.103
May 12 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: input_userauth_request: invalid user bot [preauth]
May 12 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Failed password for invalid user bot from 196.251.88.103 port 47674 ssh2
May 12 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Connection closed by 196.251.88.103 port 47674 [preauth]
May 12 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Invalid user user from 196.251.88.103
May 12 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: input_userauth_request: invalid user user [preauth]
May 12 19:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Failed password for invalid user user from 196.251.88.103 port 53822 ssh2
May 12 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Connection closed by 196.251.88.103 port 53822 [preauth]
May 12 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: Invalid user deploy from 196.251.88.103
May 12 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: input_userauth_request: invalid user deploy [preauth]
May 12 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: Failed password for invalid user deploy from 196.251.88.103 port 59966 ssh2
May 12 19:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: Connection closed by 196.251.88.103 port 59966 [preauth]
May 12 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Invalid user elastic from 196.251.88.103
May 12 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: input_userauth_request: invalid user elastic [preauth]
May 12 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Failed password for invalid user elastic from 196.251.88.103 port 37882 ssh2
May 12 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Connection closed by 196.251.88.103 port 37882 [preauth]
May 12 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session closed for user root
May 12 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Failed password for root from 196.251.88.103 port 44026 ssh2
May 12 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Connection closed by 196.251.88.103 port 44026 [preauth]
May 12 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Invalid user debian from 196.251.88.103
May 12 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: input_userauth_request: invalid user debian [preauth]
May 12 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for invalid user debian from 196.251.88.103 port 50170 ssh2
May 12 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Connection closed by 196.251.88.103 port 50170 [preauth]
May 12 19:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: Invalid user saba from 118.107.44.111
May 12 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: input_userauth_request: invalid user saba [preauth]
May 12 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.107.44.111
May 12 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: Failed password for invalid user saba from 118.107.44.111 port 54438 ssh2
May 12 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: Received disconnect from 118.107.44.111 port 54438:11: Bye Bye [preauth]
May 12 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: Disconnected from 118.107.44.111 port 54438 [preauth]
May 12 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Invalid user dev from 196.251.88.103
May 12 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: input_userauth_request: invalid user dev [preauth]
May 12 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for invalid user dev from 196.251.88.103 port 56316 ssh2
May 12 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Connection closed by 196.251.88.103 port 56316 [preauth]
May 12 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Invalid user amir from 196.251.88.103
May 12 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: input_userauth_request: invalid user amir [preauth]
May 12 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Failed password for invalid user amir from 196.251.88.103 port 34230 ssh2
May 12 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Connection closed by 196.251.88.103 port 34230 [preauth]
May 12 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Failed password for root from 103.112.131.70 port 57262 ssh2
May 12 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Received disconnect from 103.112.131.70 port 57262:11: Bye Bye [preauth]
May 12 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Disconnected from 103.112.131.70 port 57262 [preauth]
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session closed for user p13x
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: Successful su for rubyman by root
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: + ??? root:rubyman
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380690 of user rubyman.
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: pam_unix(su:session): session closed for user rubyman
May 12 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380690.
May 12 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session closed for user root
May 12 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Invalid user admin from 196.251.88.103
May 12 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: input_userauth_request: invalid user admin [preauth]
May 12 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session closed for user root
May 12 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Failed password for invalid user admin from 196.251.88.103 port 40376 ssh2
May 12 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Connection closed by 196.251.88.103 port 40376 [preauth]
May 12 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session closed for user samftp
May 12 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Invalid user git from 196.251.88.103
May 12 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: input_userauth_request: invalid user git [preauth]
May 12 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Failed password for invalid user git from 196.251.88.103 port 46522 ssh2
May 12 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Connection closed by 196.251.88.103 port 46522 [preauth]
May 12 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Invalid user esuser from 196.251.88.103
May 12 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: input_userauth_request: invalid user esuser [preauth]
May 12 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Failed password for invalid user esuser from 196.251.88.103 port 52668 ssh2
May 12 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Connection closed by 196.251.88.103 port 52668 [preauth]
May 12 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: Invalid user flink from 196.251.88.103
May 12 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: input_userauth_request: invalid user flink [preauth]
May 12 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: Failed password for invalid user flink from 196.251.88.103 port 58810 ssh2
May 12 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[423]: Connection closed by 196.251.88.103 port 58810 [preauth]
May 12 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Invalid user deploy from 196.251.88.103
May 12 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: input_userauth_request: invalid user deploy [preauth]
May 12 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Failed password for invalid user deploy from 196.251.88.103 port 36722 ssh2
May 12 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31165]: pam_unix(cron:session): session closed for user root
May 12 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Connection closed by 196.251.88.103 port 36722 [preauth]
May 12 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Invalid user odoo from 196.251.88.103
May 12 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: input_userauth_request: invalid user odoo [preauth]
May 12 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Failed password for invalid user odoo from 196.251.88.103 port 42870 ssh2
May 12 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Connection closed by 196.251.88.103 port 42870 [preauth]
May 12 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Invalid user gitlab from 196.251.88.103
May 12 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: input_userauth_request: invalid user gitlab [preauth]
May 12 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Failed password for invalid user gitlab from 196.251.88.103 port 49014 ssh2
May 12 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Connection closed by 196.251.88.103 port 49014 [preauth]
May 12 19:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: Invalid user solr from 196.251.88.103
May 12 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: input_userauth_request: invalid user solr [preauth]
May 12 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: Failed password for invalid user solr from 196.251.88.103 port 55162 ssh2
May 12 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: Connection closed by 196.251.88.103 port 55162 [preauth]
May 12 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Invalid user kubernetes from 196.251.88.103
May 12 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: input_userauth_request: invalid user kubernetes [preauth]
May 12 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Failed password for invalid user kubernetes from 196.251.88.103 port 33078 ssh2
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Connection closed by 196.251.88.103 port 33078 [preauth]
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[595]: pam_unix(cron:session): session closed for user root
May 12 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session closed for user p13x
May 12 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[667]: Successful su for rubyman by root
May 12 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[667]: + ??? root:rubyman
May 12 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380695 of user rubyman.
May 12 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[667]: pam_unix(su:session): session closed for user rubyman
May 12 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380695.
May 12 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session closed for user root
May 12 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session closed for user root
May 12 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[589]: pam_unix(cron:session): session closed for user samftp
May 12 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: Failed password for root from 196.251.88.103 port 39222 ssh2
May 12 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: Connection closed by 196.251.88.103 port 39222 [preauth]
May 12 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: Invalid user minecraft from 196.251.88.103
May 12 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: input_userauth_request: invalid user minecraft [preauth]
May 12 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: Failed password for invalid user minecraft from 196.251.88.103 port 45366 ssh2
May 12 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[924]: Connection closed by 196.251.88.103 port 45366 [preauth]
May 12 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: Failed password for root from 196.251.88.103 port 51510 ssh2
May 12 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: Connection closed by 196.251.88.103 port 51510 [preauth]
May 12 19:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Invalid user system from 196.251.88.103
May 12 19:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: input_userauth_request: invalid user system [preauth]
May 12 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Failed password for invalid user system from 196.251.88.103 port 57656 ssh2
May 12 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Connection closed by 196.251.88.103 port 57656 [preauth]
May 12 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31600]: pam_unix(cron:session): session closed for user root
May 12 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: Failed password for root from 196.251.88.103 port 35568 ssh2
May 12 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: Connection closed by 196.251.88.103 port 35568 [preauth]
May 12 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1059]: Failed password for root from 196.251.88.103 port 41716 ssh2
May 12 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1059]: Connection closed by 196.251.88.103 port 41716 [preauth]
May 12 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: Invalid user ubuntu from 196.251.88.103
May 12 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: input_userauth_request: invalid user ubuntu [preauth]
May 12 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: Failed password for invalid user ubuntu from 196.251.88.103 port 47864 ssh2
May 12 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1086]: Connection closed by 196.251.88.103 port 47864 [preauth]
May 12 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: Failed password for root from 196.251.88.103 port 54010 ssh2
May 12 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: Connection closed by 196.251.88.103 port 54010 [preauth]
May 12 19:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: Invalid user admin from 196.251.88.103
May 12 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: input_userauth_request: invalid user admin [preauth]
May 12 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1123]: pam_unix(cron:session): session closed for user p13x
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: Failed password for invalid user admin from 196.251.88.103 port 60154 ssh2
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: Connection closed by 196.251.88.103 port 60154 [preauth]
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1206]: Successful su for rubyman by root
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1206]: + ??? root:rubyman
May 12 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380700 of user rubyman.
May 12 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1206]: pam_unix(su:session): session closed for user rubyman
May 12 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380700.
May 12 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session closed for user root
May 12 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: Invalid user gitlab-runner from 196.251.88.103
May 12 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session closed for user samftp
May 12 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: Failed password for invalid user gitlab-runner from 196.251.88.103 port 38066 ssh2
May 12 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: Connection closed by 196.251.88.103 port 38066 [preauth]
May 12 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Invalid user elastic from 196.251.88.103
May 12 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: input_userauth_request: invalid user elastic [preauth]
May 12 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Failed password for invalid user elastic from 196.251.88.103 port 44212 ssh2
May 12 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Connection closed by 196.251.88.103 port 44212 [preauth]
May 12 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Failed password for root from 196.251.88.103 port 50354 ssh2
May 12 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Connection closed by 196.251.88.103 port 50354 [preauth]
May 12 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Invalid user nexus from 196.251.88.103
May 12 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: input_userauth_request: invalid user nexus [preauth]
May 12 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Failed password for invalid user nexus from 196.251.88.103 port 56500 ssh2
May 12 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Connection closed by 196.251.88.103 port 56500 [preauth]
May 12 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session closed for user root
May 12 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: Failed password for root from 196.251.88.103 port 34414 ssh2
May 12 19:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: Connection closed by 196.251.88.103 port 34414 [preauth]
May 12 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Invalid user nginx from 196.251.88.103
May 12 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: input_userauth_request: invalid user nginx [preauth]
May 12 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Failed password for invalid user nginx from 196.251.88.103 port 40560 ssh2
May 12 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Connection closed by 196.251.88.103 port 40560 [preauth]
May 12 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Failed password for root from 51.79.167.0 port 35790 ssh2
May 12 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Received disconnect from 51.79.167.0 port 35790:11: Bye Bye [preauth]
May 12 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Disconnected from 51.79.167.0 port 35790 [preauth]
May 12 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Failed password for root from 196.251.88.103 port 46704 ssh2
May 12 19:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Connection closed by 196.251.88.103 port 46704 [preauth]
May 12 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Invalid user opc from 196.251.88.103
May 12 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: input_userauth_request: invalid user opc [preauth]
May 12 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Failed password for invalid user opc from 196.251.88.103 port 52850 ssh2
May 12 19:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Connection closed by 196.251.88.103 port 52850 [preauth]
May 12 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Invalid user debian from 196.251.88.103
May 12 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: input_userauth_request: invalid user debian [preauth]
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1643]: pam_unix(cron:session): session closed for user p13x
May 12 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1718]: Successful su for rubyman by root
May 12 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1718]: + ??? root:rubyman
May 12 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380703 of user rubyman.
May 12 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1718]: pam_unix(su:session): session closed for user rubyman
May 12 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380703.
May 12 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Failed password for invalid user debian from 196.251.88.103 port 59002 ssh2
May 12 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Connection closed by 196.251.88.103 port 59002 [preauth]
May 12 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30642]: pam_unix(cron:session): session closed for user root
May 12 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1644]: pam_unix(cron:session): session closed for user samftp
May 12 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Invalid user hadoop from 196.251.88.103
May 12 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: input_userauth_request: invalid user hadoop [preauth]
May 12 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Failed password for invalid user hadoop from 196.251.88.103 port 36914 ssh2
May 12 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Connection closed by 196.251.88.103 port 36914 [preauth]
May 12 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Invalid user centos from 196.251.88.103
May 12 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: input_userauth_request: invalid user centos [preauth]
May 12 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Failed password for invalid user centos from 196.251.88.103 port 43058 ssh2
May 12 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Connection closed by 196.251.88.103 port 43058 [preauth]
May 12 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Invalid user dmdba from 196.251.88.103
May 12 19:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: input_userauth_request: invalid user dmdba [preauth]
May 12 19:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Failed password for invalid user dmdba from 196.251.88.103 port 49202 ssh2
May 12 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Connection closed by 196.251.88.103 port 49202 [preauth]
May 12 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Invalid user test from 196.251.88.103
May 12 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: input_userauth_request: invalid user test [preauth]
May 12 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Failed password for invalid user test from 196.251.88.103 port 55346 ssh2
May 12 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Connection closed by 196.251.88.103 port 55346 [preauth]
May 12 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session closed for user root
May 12 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Failed password for root from 196.251.88.103 port 33262 ssh2
May 12 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Connection closed by 196.251.88.103 port 33262 [preauth]
May 12 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: Failed password for root from 196.251.88.103 port 39408 ssh2
May 12 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: Connection closed by 196.251.88.103 port 39408 [preauth]
May 12 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: Invalid user sadmin from 196.251.88.103
May 12 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: input_userauth_request: invalid user sadmin [preauth]
May 12 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: Failed password for invalid user sadmin from 196.251.88.103 port 45556 ssh2
May 12 19:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: Connection closed by 196.251.88.103 port 45556 [preauth]
May 12 19:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Failed password for root from 196.251.88.103 port 51700 ssh2
May 12 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Connection closed by 196.251.88.103 port 51700 [preauth]
May 12 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Failed password for root from 196.251.88.103 port 57844 ssh2
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2188]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session closed for user p13x
May 12 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Connection closed by 196.251.88.103 port 57844 [preauth]
May 12 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: Successful su for rubyman by root
May 12 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: + ??? root:rubyman
May 12 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380708 of user rubyman.
May 12 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: pam_unix(su:session): session closed for user rubyman
May 12 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380708.
May 12 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31164]: pam_unix(cron:session): session closed for user root
May 12 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Invalid user ranger from 196.251.88.103
May 12 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: input_userauth_request: invalid user ranger [preauth]
May 12 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2187]: pam_unix(cron:session): session closed for user samftp
May 12 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Failed password for invalid user ranger from 196.251.88.103 port 35754 ssh2
May 12 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Connection closed by 196.251.88.103 port 35754 [preauth]
May 12 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Failed password for root from 196.251.88.103 port 41898 ssh2
May 12 19:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Connection closed by 196.251.88.103 port 41898 [preauth]
May 12 19:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Failed password for root from 196.251.88.103 port 48044 ssh2
May 12 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Connection closed by 196.251.88.103 port 48044 [preauth]
May 12 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2518]: Failed password for root from 196.251.88.103 port 54102 ssh2
May 12 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2518]: Connection closed by 196.251.88.103 port 54102 [preauth]
May 12 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Invalid user admin2 from 164.68.105.9
May 12 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: input_userauth_request: invalid user admin2 [preauth]
May 12 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for invalid user admin2 from 164.68.105.9 port 43636 ssh2
May 12 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Connection closed by 164.68.105.9 port 43636 [preauth]
May 12 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Invalid user ubuntu from 196.251.88.103
May 12 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: input_userauth_request: invalid user ubuntu [preauth]
May 12 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session closed for user root
May 12 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Failed password for invalid user ubuntu from 196.251.88.103 port 60334 ssh2
May 12 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Connection closed by 196.251.88.103 port 60334 [preauth]
May 12 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May 12 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Failed password for root from 218.92.0.252 port 44904 ssh2
May 12 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Failed password for root from 196.251.88.103 port 38248 ssh2
May 12 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Connection closed by 196.251.88.103 port 38248 [preauth]
May 12 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: User proxy from 196.251.88.103 not allowed because not listed in AllowUsers
May 12 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: input_userauth_request: invalid user proxy [preauth]
May 12 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=proxy
May 12 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Failed password for invalid user proxy from 196.251.88.103 port 44394 ssh2
May 12 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Connection closed by 196.251.88.103 port 44394 [preauth]
May 12 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Invalid user tools from 196.251.88.103
May 12 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: input_userauth_request: invalid user tools [preauth]
May 12 19:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Failed password for invalid user tools from 196.251.88.103 port 50544 ssh2
May 12 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Connection closed by 196.251.88.103 port 50544 [preauth]
May 12 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Invalid user nvidia from 196.251.88.103
May 12 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: input_userauth_request: invalid user nvidia [preauth]
May 12 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for invalid user nvidia from 196.251.88.103 port 56690 ssh2
May 12 19:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Connection closed by 196.251.88.103 port 56690 [preauth]
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2644]: pam_unix(cron:session): session closed for user p13x
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2719]: Successful su for rubyman by root
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2719]: + ??? root:rubyman
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380712 of user rubyman.
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2719]: pam_unix(su:session): session closed for user rubyman
May 12 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380712.
May 12 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session closed for user root
May 12 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Invalid user postgres from 196.251.88.103
May 12 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: input_userauth_request: invalid user postgres [preauth]
May 12 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session closed for user samftp
May 12 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Failed password for invalid user postgres from 196.251.88.103 port 34602 ssh2
May 12 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Connection closed by 196.251.88.103 port 34602 [preauth]
May 12 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2926]: User ftp from 196.251.88.103 not allowed because not listed in AllowUsers
May 12 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2926]: input_userauth_request: invalid user ftp [preauth]
May 12 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=ftp
May 12 19:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2926]: Failed password for invalid user ftp from 196.251.88.103 port 40748 ssh2
May 12 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2926]: Connection closed by 196.251.88.103 port 40748 [preauth]
May 12 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user steam from 196.251.88.103
May 12 19:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user steam [preauth]
May 12 19:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user steam from 196.251.88.103 port 46892 ssh2
May 12 19:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Connection closed by 196.251.88.103 port 46892 [preauth]
May 12 19:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Invalid user es from 196.251.88.103
May 12 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: input_userauth_request: invalid user es [preauth]
May 12 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Failed password for invalid user es from 196.251.88.103 port 53036 ssh2
May 12 19:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Connection closed by 196.251.88.103 port 53036 [preauth]
May 12 19:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Invalid user runner from 196.251.88.103
May 12 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: input_userauth_request: invalid user runner [preauth]
May 12 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session closed for user root
May 12 19:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for invalid user runner from 196.251.88.103 port 59182 ssh2
May 12 19:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Connection closed by 196.251.88.103 port 59182 [preauth]
May 12 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Invalid user elsearch from 196.251.88.103
May 12 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: input_userauth_request: invalid user elsearch [preauth]
May 12 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Failed password for invalid user elsearch from 196.251.88.103 port 37096 ssh2
May 12 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Connection closed by 196.251.88.103 port 37096 [preauth]
May 12 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Failed password for root from 196.251.88.103 port 43240 ssh2
May 12 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Connection closed by 196.251.88.103 port 43240 [preauth]
May 12 19:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Invalid user ftpuser from 196.251.88.103
May 12 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: input_userauth_request: invalid user ftpuser [preauth]
May 12 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Failed password for invalid user ftpuser from 196.251.88.103 port 49384 ssh2
May 12 19:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Connection closed by 196.251.88.103 port 49384 [preauth]
May 12 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Invalid user ugo from 103.112.131.70
May 12 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: input_userauth_request: invalid user ugo [preauth]
May 12 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Invalid user flask from 196.251.88.103
May 12 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: input_userauth_request: invalid user flask [preauth]
May 12 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Failed password for invalid user ugo from 103.112.131.70 port 45304 ssh2
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Received disconnect from 103.112.131.70 port 45304:11: Bye Bye [preauth]
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Disconnected from 103.112.131.70 port 45304 [preauth]
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session closed for user root
May 12 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3089]: pam_unix(cron:session): session closed for user p13x
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: Successful su for rubyman by root
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: + ??? root:rubyman
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380716 of user rubyman.
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: pam_unix(su:session): session closed for user rubyman
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380716.
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Failed password for invalid user flask from 196.251.88.103 port 55530 ssh2
May 12 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Connection closed by 196.251.88.103 port 55530 [preauth]
May 12 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session closed for user root
May 12 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session closed for user root
May 12 19:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Invalid user ec2-user from 196.251.88.103
May 12 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: input_userauth_request: invalid user ec2-user [preauth]
May 12 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3090]: pam_unix(cron:session): session closed for user samftp
May 12 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Failed password for invalid user ec2-user from 196.251.88.103 port 33444 ssh2
May 12 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Connection closed by 196.251.88.103 port 33444 [preauth]
May 12 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Invalid user lighthouse from 196.251.88.103
May 12 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: input_userauth_request: invalid user lighthouse [preauth]
May 12 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Failed password for invalid user lighthouse from 196.251.88.103 port 39588 ssh2
May 12 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Connection closed by 196.251.88.103 port 39588 [preauth]
May 12 19:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Invalid user apache from 196.251.88.103
May 12 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: input_userauth_request: invalid user apache [preauth]
May 12 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Failed password for invalid user apache from 196.251.88.103 port 45734 ssh2
May 12 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Connection closed by 196.251.88.103 port 45734 [preauth]
May 12 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Invalid user wang from 196.251.88.103
May 12 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: input_userauth_request: invalid user wang [preauth]
May 12 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Failed password for invalid user wang from 196.251.88.103 port 51884 ssh2
May 12 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Connection closed by 196.251.88.103 port 51884 [preauth]
May 12 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Invalid user uftp from 196.251.88.103
May 12 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: input_userauth_request: invalid user uftp [preauth]
May 12 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session closed for user root
May 12 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Failed password for invalid user uftp from 196.251.88.103 port 58028 ssh2
May 12 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Connection closed by 196.251.88.103 port 58028 [preauth]
May 12 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: User mysql from 196.251.88.103 not allowed because not listed in AllowUsers
May 12 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: input_userauth_request: invalid user mysql [preauth]
May 12 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=mysql
May 12 19:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user mysql from 196.251.88.103 port 35940 ssh2
May 12 19:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Connection closed by 196.251.88.103 port 35940 [preauth]
May 12 19:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Invalid user mehdi from 196.251.88.103
May 12 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: input_userauth_request: invalid user mehdi [preauth]
May 12 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Failed password for invalid user mehdi from 196.251.88.103 port 42088 ssh2
May 12 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Connection closed by 196.251.88.103 port 42088 [preauth]
May 12 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Invalid user www from 196.251.88.103
May 12 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: input_userauth_request: invalid user www [preauth]
May 12 19:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Failed password for invalid user www from 196.251.88.103 port 48232 ssh2
May 12 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Connection closed by 196.251.88.103 port 48232 [preauth]
May 12 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: Invalid user rancher from 196.251.88.103
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: input_userauth_request: invalid user rancher [preauth]
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3610]: pam_unix(cron:session): session closed for user p13x
May 12 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: Successful su for rubyman by root
May 12 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: + ??? root:rubyman
May 12 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380721 of user rubyman.
May 12 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: pam_unix(su:session): session closed for user rubyman
May 12 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380721.
May 12 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: Failed password for invalid user rancher from 196.251.88.103 port 54376 ssh2
May 12 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: Connection closed by 196.251.88.103 port 54376 [preauth]
May 12 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user root
May 12 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session closed for user samftp
May 12 19:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Invalid user appuser from 196.251.88.103
May 12 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: input_userauth_request: invalid user appuser [preauth]
May 12 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Failed password for invalid user appuser from 196.251.88.103 port 60520 ssh2
May 12 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Connection closed by 196.251.88.103 port 60520 [preauth]
May 12 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: Invalid user esroot from 196.251.88.103
May 12 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: input_userauth_request: invalid user esroot [preauth]
May 12 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: Failed password for invalid user esroot from 196.251.88.103 port 38432 ssh2
May 12 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3898]: Connection closed by 196.251.88.103 port 38432 [preauth]
May 12 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: User mysql from 196.251.88.103 not allowed because not listed in AllowUsers
May 12 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: input_userauth_request: invalid user mysql [preauth]
May 12 19:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=mysql
May 12 19:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user mysql from 196.251.88.103 port 44578 ssh2
May 12 19:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Connection closed by 196.251.88.103 port 44578 [preauth]
May 12 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Failed password for root from 196.251.88.103 port 50724 ssh2
May 12 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Connection closed by 196.251.88.103 port 50724 [preauth]
May 12 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user root
May 12 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Invalid user wang from 196.251.88.103
May 12 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: input_userauth_request: invalid user wang [preauth]
May 12 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Failed password for invalid user wang from 196.251.88.103 port 56870 ssh2
May 12 19:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Connection closed by 196.251.88.103 port 56870 [preauth]
May 12 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Failed password for root from 196.251.88.103 port 34784 ssh2
May 12 19:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Connection closed by 196.251.88.103 port 34784 [preauth]
May 12 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Invalid user gpuadmin from 196.251.88.103
May 12 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: input_userauth_request: invalid user gpuadmin [preauth]
May 12 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Failed password for invalid user gpuadmin from 196.251.88.103 port 40930 ssh2
May 12 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Connection closed by 196.251.88.103 port 40930 [preauth]
May 12 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: Invalid user apache from 196.251.88.103
May 12 19:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: input_userauth_request: invalid user apache [preauth]
May 12 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: Failed password for invalid user apache from 196.251.88.103 port 47078 ssh2
May 12 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: Connection closed by 196.251.88.103 port 47078 [preauth]
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user root
May 12 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session closed for user p13x
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4145]: Successful su for rubyman by root
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4145]: + ??? root:rubyman
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380726 of user rubyman.
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4145]: pam_unix(su:session): session closed for user rubyman
May 12 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380726.
May 12 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session closed for user root
May 12 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for root from 196.251.88.103 port 53224 ssh2
May 12 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Connection closed by 196.251.88.103 port 53224 [preauth]
May 12 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Invalid user squid from 51.79.167.0
May 12 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: input_userauth_request: invalid user squid [preauth]
May 12 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session closed for user samftp
May 12 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Failed password for invalid user squid from 51.79.167.0 port 47882 ssh2
May 12 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Received disconnect from 51.79.167.0 port 47882:11: Bye Bye [preauth]
May 12 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Disconnected from 51.79.167.0 port 47882 [preauth]
May 12 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Invalid user samba from 196.251.88.103
May 12 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: input_userauth_request: invalid user samba [preauth]
May 12 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Failed password for invalid user samba from 196.251.88.103 port 59370 ssh2
May 12 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Connection closed by 196.251.88.103 port 59370 [preauth]
May 12 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Failed password for root from 196.251.88.103 port 37284 ssh2
May 12 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Connection closed by 196.251.88.103 port 37284 [preauth]
May 12 19:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Invalid user server from 196.251.88.103
May 12 19:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: input_userauth_request: invalid user server [preauth]
May 12 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user server from 196.251.88.103 port 43426 ssh2
May 12 19:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Connection closed by 196.251.88.103 port 43426 [preauth]
May 12 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Invalid user kingbase from 196.251.88.103
May 12 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: input_userauth_request: invalid user kingbase [preauth]
May 12 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for invalid user kingbase from 196.251.88.103 port 49572 ssh2
May 12 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 196.251.88.103 port 49572 [preauth]
May 12 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user root
May 12 19:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: Failed password for root from 196.251.88.103 port 55716 ssh2
May 12 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: Connection closed by 196.251.88.103 port 55716 [preauth]
May 12 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Failed password for root from 196.251.88.103 port 33630 ssh2
May 12 19:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Connection closed by 196.251.88.103 port 33630 [preauth]
May 12 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: Invalid user gitlab-runner from 196.251.88.103
May 12 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: Failed password for invalid user gitlab-runner from 196.251.88.103 port 39776 ssh2
May 12 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4644]: Connection closed by 196.251.88.103 port 39776 [preauth]
May 12 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Invalid user gitlab from 196.251.88.103
May 12 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: input_userauth_request: invalid user gitlab [preauth]
May 12 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Failed password for invalid user gitlab from 196.251.88.103 port 45920 ssh2
May 12 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Connection closed by 196.251.88.103 port 45920 [preauth]
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session closed for user p13x
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: Successful su for rubyman by root
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: + ??? root:rubyman
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380731 of user rubyman.
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: pam_unix(su:session): session closed for user rubyman
May 12 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380731.
May 12 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session closed for user root
May 12 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4667]: pam_unix(cron:session): session closed for user samftp
May 12 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Failed password for root from 196.251.88.103 port 52066 ssh2
May 12 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Connection closed by 196.251.88.103 port 52066 [preauth]
May 12 19:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Invalid user nginx from 196.251.88.103
May 12 19:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: input_userauth_request: invalid user nginx [preauth]
May 12 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Failed password for invalid user nginx from 196.251.88.103 port 58214 ssh2
May 12 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Connection closed by 196.251.88.103 port 58214 [preauth]
May 12 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 19:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: Failed password for root from 196.251.88.103 port 36124 ssh2
May 12 19:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: Connection closed by 196.251.88.103 port 36124 [preauth]
May 12 19:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Failed password for root from 218.92.0.209 port 44078 ssh2
May 12 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: Invalid user odoo17 from 196.251.88.103
May 12 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: input_userauth_request: invalid user odoo17 [preauth]
May 12 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: Failed password for invalid user odoo17 from 196.251.88.103 port 42268 ssh2
May 12 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Failed password for root from 218.92.0.209 port 44078 ssh2
May 12 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: Connection closed by 196.251.88.103 port 42268 [preauth]
May 12 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Failed password for root from 218.92.0.209 port 44078 ssh2
May 12 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Invalid user hadoop from 196.251.88.103
May 12 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: input_userauth_request: invalid user hadoop [preauth]
May 12 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Failed password for root from 218.92.0.209 port 44078 ssh2
May 12 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Failed password for invalid user hadoop from 196.251.88.103 port 48414 ssh2
May 12 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Connection closed by 196.251.88.103 port 48414 [preauth]
May 12 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session closed for user root
May 12 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: Invalid user admin from 80.94.95.125
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: input_userauth_request: invalid user admin [preauth]
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Failed password for root from 218.92.0.209 port 44078 ssh2
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 44078 ssh2 [preauth]
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Disconnecting: Too many authentication failures [preauth]
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May 12 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 19:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Invalid user jms from 196.251.88.103
May 12 19:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: input_userauth_request: invalid user jms [preauth]
May 12 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: Failed password for invalid user admin from 80.94.95.125 port 57979 ssh2
May 12 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: Received disconnect from 80.94.95.125 port 57979:11: Bye [preauth]
May 12 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: Disconnected from 80.94.95.125 port 57979 [preauth]
May 12 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Failed password for invalid user jms from 196.251.88.103 port 54560 ssh2
May 12 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Connection closed by 196.251.88.103 port 54560 [preauth]
May 12 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Failed password for root from 196.251.88.103 port 60706 ssh2
May 12 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Connection closed by 196.251.88.103 port 60706 [preauth]
May 12 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Invalid user es from 196.251.88.103
May 12 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: input_userauth_request: invalid user es [preauth]
May 12 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Failed password for invalid user es from 196.251.88.103 port 38622 ssh2
May 12 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Connection closed by 196.251.88.103 port 38622 [preauth]
May 12 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Invalid user developer from 196.251.88.103
May 12 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: input_userauth_request: invalid user developer [preauth]
May 12 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user developer from 196.251.88.103 port 44766 ssh2
May 12 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 196.251.88.103 port 44766 [preauth]
May 12 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session closed for user p13x
May 12 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: Successful su for rubyman by root
May 12 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: + ??? root:rubyman
May 12 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380736 of user rubyman.
May 12 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: pam_unix(su:session): session closed for user rubyman
May 12 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380736.
May 12 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2188]: pam_unix(cron:session): session closed for user root
May 12 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Invalid user server from 196.251.88.103
May 12 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: input_userauth_request: invalid user server [preauth]
May 12 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Failed password for invalid user server from 196.251.88.103 port 50910 ssh2
May 12 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session closed for user samftp
May 12 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Connection closed by 196.251.88.103 port 50910 [preauth]
May 12 19:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Invalid user es from 196.251.88.103
May 12 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: input_userauth_request: invalid user es [preauth]
May 12 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user es from 196.251.88.103 port 57054 ssh2
May 12 19:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Connection closed by 196.251.88.103 port 57054 [preauth]
May 12 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Invalid user fastuser from 196.251.88.103
May 12 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: input_userauth_request: invalid user fastuser [preauth]
May 12 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Failed password for invalid user fastuser from 196.251.88.103 port 34966 ssh2
May 12 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Connection closed by 196.251.88.103 port 34966 [preauth]
May 12 19:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Failed password for root from 196.251.88.103 port 41112 ssh2
May 12 19:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Connection closed by 196.251.88.103 port 41112 [preauth]
May 12 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session closed for user root
May 12 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Failed password for root from 196.251.88.103 port 47256 ssh2
May 12 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Connection closed by 196.251.88.103 port 47256 [preauth]
May 12 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for root from 196.251.88.103 port 53402 ssh2
May 12 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Connection closed by 196.251.88.103 port 53402 [preauth]
May 12 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Invalid user hive from 196.251.88.103
May 12 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: input_userauth_request: invalid user hive [preauth]
May 12 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Failed password for invalid user hive from 196.251.88.103 port 59544 ssh2
May 12 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Connection closed by 196.251.88.103 port 59544 [preauth]
May 12 19:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: Invalid user jumpserver from 196.251.88.103
May 12 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: input_userauth_request: invalid user jumpserver [preauth]
May 12 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: Failed password for invalid user jumpserver from 196.251.88.103 port 37460 ssh2
May 12 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: Connection closed by 196.251.88.103 port 37460 [preauth]
May 12 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Invalid user wso2 from 196.251.88.103
May 12 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: input_userauth_request: invalid user wso2 [preauth]
May 12 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Failed password for invalid user wso2 from 196.251.88.103 port 43602 ssh2
May 12 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Connection closed by 196.251.88.103 port 43602 [preauth]
May 12 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session closed for user root
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session closed for user p13x
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5942]: Successful su for rubyman by root
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5942]: + ??? root:rubyman
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380738 of user rubyman.
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5942]: pam_unix(su:session): session closed for user rubyman
May 12 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380738.
May 12 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session closed for user root
May 12 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session closed for user root
May 12 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: Invalid user jenkins from 196.251.88.103
May 12 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: input_userauth_request: invalid user jenkins [preauth]
May 12 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session closed for user samftp
May 12 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: Failed password for invalid user jenkins from 196.251.88.103 port 49748 ssh2
May 12 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: Connection closed by 196.251.88.103 port 49748 [preauth]
May 12 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for root from 196.251.88.103 port 55892 ssh2
May 12 19:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Connection closed by 196.251.88.103 port 55892 [preauth]
May 12 19:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Invalid user testuser from 196.251.88.103
May 12 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: input_userauth_request: invalid user testuser [preauth]
May 12 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Failed password for invalid user testuser from 196.251.88.103 port 33808 ssh2
May 12 19:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Connection closed by 196.251.88.103 port 33808 [preauth]
May 12 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Invalid user postgres from 196.251.88.103
May 12 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: input_userauth_request: invalid user postgres [preauth]
May 12 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Failed password for invalid user postgres from 196.251.88.103 port 39954 ssh2
May 12 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Connection closed by 196.251.88.103 port 39954 [preauth]
May 12 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Invalid user observer from 196.251.88.103
May 12 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: input_userauth_request: invalid user observer [preauth]
May 12 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session closed for user root
May 12 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Failed password for invalid user observer from 196.251.88.103 port 46098 ssh2
May 12 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Connection closed by 196.251.88.103 port 46098 [preauth]
May 12 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Invalid user pi from 196.251.88.103
May 12 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: input_userauth_request: invalid user pi [preauth]
May 12 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Failed password for invalid user pi from 196.251.88.103 port 52244 ssh2
May 12 19:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Connection closed by 196.251.88.103 port 52244 [preauth]
May 12 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Invalid user app from 196.251.88.103
May 12 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: input_userauth_request: invalid user app [preauth]
May 12 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Failed password for invalid user app from 196.251.88.103 port 58388 ssh2
May 12 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Connection closed by 196.251.88.103 port 58388 [preauth]
May 12 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Invalid user ansible from 196.251.88.103
May 12 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: input_userauth_request: invalid user ansible [preauth]
May 12 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Failed password for invalid user ansible from 196.251.88.103 port 36300 ssh2
May 12 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Connection closed by 196.251.88.103 port 36300 [preauth]
May 12 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.68  user=root
May 12 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Failed password for root from 103.112.131.68 port 35772 ssh2
May 12 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Received disconnect from 103.112.131.68 port 35772:11: Bye Bye [preauth]
May 12 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Disconnected from 103.112.131.68 port 35772 [preauth]
May 12 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Invalid user hadoop from 196.251.88.103
May 12 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: input_userauth_request: invalid user hadoop [preauth]
May 12 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for invalid user hadoop from 196.251.88.103 port 42442 ssh2
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Connection closed by 196.251.88.103 port 42442 [preauth]
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6346]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6344]: pam_unix(cron:session): session closed for user p13x
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6411]: Successful su for rubyman by root
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6411]: + ??? root:rubyman
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380745 of user rubyman.
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6411]: pam_unix(su:session): session closed for user rubyman
May 12 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380745.
May 12 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user root
May 12 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6345]: pam_unix(cron:session): session closed for user samftp
May 12 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: Invalid user administrator from 196.251.88.103
May 12 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: input_userauth_request: invalid user administrator [preauth]
May 12 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: Failed password for invalid user administrator from 196.251.88.103 port 48590 ssh2
May 12 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: Connection closed by 196.251.88.103 port 48590 [preauth]
May 12 19:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: Invalid user lighthouse from 196.251.88.103
May 12 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: input_userauth_request: invalid user lighthouse [preauth]
May 12 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: Failed password for invalid user lighthouse from 196.251.88.103 port 54734 ssh2
May 12 19:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: Connection closed by 196.251.88.103 port 54734 [preauth]
May 12 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Invalid user postgres from 196.251.88.103
May 12 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: input_userauth_request: invalid user postgres [preauth]
May 12 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Failed password for invalid user postgres from 196.251.88.103 port 60878 ssh2
May 12 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Connection closed by 196.251.88.103 port 60878 [preauth]
May 12 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: Invalid user dspace from 196.251.88.103
May 12 19:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: input_userauth_request: invalid user dspace [preauth]
May 12 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: Failed password for invalid user dspace from 196.251.88.103 port 38794 ssh2
May 12 19:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: Connection closed by 196.251.88.103 port 38794 [preauth]
May 12 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Invalid user admin from 196.251.88.103
May 12 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: input_userauth_request: invalid user admin [preauth]
May 12 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session closed for user root
May 12 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Failed password for invalid user admin from 196.251.88.103 port 44936 ssh2
May 12 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Connection closed by 196.251.88.103 port 44936 [preauth]
May 12 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Invalid user dolphinscheduler from 196.251.88.103
May 12 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Failed password for invalid user dolphinscheduler from 196.251.88.103 port 51080 ssh2
May 12 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Connection closed by 196.251.88.103 port 51080 [preauth]
May 12 19:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Invalid user minecraft from 196.251.88.103
May 12 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: input_userauth_request: invalid user minecraft [preauth]
May 12 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Failed password for invalid user minecraft from 196.251.88.103 port 57224 ssh2
May 12 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Connection closed by 196.251.88.103 port 57224 [preauth]
May 12 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Invalid user dev from 196.251.88.103
May 12 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: input_userauth_request: invalid user dev [preauth]
May 12 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Failed password for invalid user dev from 196.251.88.103 port 35138 ssh2
May 12 19:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Connection closed by 196.251.88.103 port 35138 [preauth]
May 12 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Invalid user master from 196.251.88.103
May 12 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: input_userauth_request: invalid user master [preauth]
May 12 19:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6785]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6786]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6783]: pam_unix(cron:session): session closed for user p13x
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: Successful su for rubyman by root
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: + ??? root:rubyman
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380748 of user rubyman.
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: pam_unix(su:session): session closed for user rubyman
May 12 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380748.
May 12 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Failed password for invalid user master from 196.251.88.103 port 41284 ssh2
May 12 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Connection closed by 196.251.88.103 port 41284 [preauth]
May 12 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session closed for user root
May 12 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session closed for user samftp
May 12 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Failed password for root from 196.251.88.103 port 47428 ssh2
May 12 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Connection closed by 196.251.88.103 port 47428 [preauth]
May 12 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Failed password for root from 196.251.88.103 port 53568 ssh2
May 12 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Connection closed by 196.251.88.103 port 53568 [preauth]
May 12 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Invalid user ftpuser from 196.251.88.103
May 12 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: input_userauth_request: invalid user ftpuser [preauth]
May 12 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Failed password for invalid user ftpuser from 196.251.88.103 port 59714 ssh2
May 12 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Connection closed by 196.251.88.103 port 59714 [preauth]
May 12 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Invalid user debian from 196.251.88.103
May 12 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: input_userauth_request: invalid user debian [preauth]
May 12 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: Failed password for root from 51.79.167.0 port 59836 ssh2
May 12 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: Received disconnect from 51.79.167.0 port 59836:11: Bye Bye [preauth]
May 12 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: Disconnected from 51.79.167.0 port 59836 [preauth]
May 12 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Failed password for invalid user debian from 196.251.88.103 port 37628 ssh2
May 12 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Connection closed by 196.251.88.103 port 37628 [preauth]
May 12 19:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Failed password for root from 196.251.88.103 port 43772 ssh2
May 12 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Connection closed by 196.251.88.103 port 43772 [preauth]
May 12 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session closed for user root
May 12 19:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Failed password for root from 196.251.88.103 port 49922 ssh2
May 12 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Connection closed by 196.251.88.103 port 49922 [preauth]
May 12 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Invalid user user from 196.251.88.103
May 12 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: input_userauth_request: invalid user user [preauth]
May 12 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Failed password for invalid user user from 196.251.88.103 port 56066 ssh2
May 12 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Connection closed by 196.251.88.103 port 56066 [preauth]
May 12 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Failed password for root from 196.251.88.103 port 33978 ssh2
May 12 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Connection closed by 196.251.88.103 port 33978 [preauth]
May 12 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Invalid user plexserver from 196.251.88.103
May 12 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: input_userauth_request: invalid user plexserver [preauth]
May 12 19:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Failed password for invalid user plexserver from 196.251.88.103 port 40122 ssh2
May 12 19:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Connection closed by 196.251.88.103 port 40122 [preauth]
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user p13x
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: Successful su for rubyman by root
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: + ??? root:rubyman
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380752 of user rubyman.
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: pam_unix(su:session): session closed for user rubyman
May 12 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380752.
May 12 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session closed for user root
May 12 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user samftp
May 12 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 196.251.88.103 port 46270 ssh2
May 12 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Connection closed by 196.251.88.103 port 46270 [preauth]
May 12 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: Failed password for root from 196.251.88.103 port 52414 ssh2
May 12 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: Connection closed by 196.251.88.103 port 52414 [preauth]
May 12 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: Invalid user deployer from 196.251.88.103
May 12 19:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: input_userauth_request: invalid user deployer [preauth]
May 12 19:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: Failed password for invalid user deployer from 196.251.88.103 port 58562 ssh2
May 12 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: Connection closed by 196.251.88.103 port 58562 [preauth]
May 12 19:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Invalid user user from 196.251.88.103
May 12 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: input_userauth_request: invalid user user [preauth]
May 12 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Failed password for invalid user user from 196.251.88.103 port 36474 ssh2
May 12 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Connection closed by 196.251.88.103 port 36474 [preauth]
May 12 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Invalid user admin from 196.251.88.103
May 12 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: input_userauth_request: invalid user admin [preauth]
May 12 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6347]: pam_unix(cron:session): session closed for user root
May 12 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for invalid user admin from 196.251.88.103 port 42620 ssh2
May 12 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Connection closed by 196.251.88.103 port 42620 [preauth]
May 12 19:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Invalid user postgres from 196.251.88.103
May 12 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: input_userauth_request: invalid user postgres [preauth]
May 12 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Failed password for invalid user postgres from 196.251.88.103 port 48760 ssh2
May 12 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Connection closed by 196.251.88.103 port 48760 [preauth]
May 12 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Invalid user test2 from 196.251.88.103
May 12 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: input_userauth_request: invalid user test2 [preauth]
May 12 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Failed password for invalid user test2 from 196.251.88.103 port 54908 ssh2
May 12 19:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Connection closed by 196.251.88.103 port 54908 [preauth]
May 12 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: Invalid user git from 196.251.88.103
May 12 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: input_userauth_request: invalid user git [preauth]
May 12 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: Failed password for invalid user git from 196.251.88.103 port 32820 ssh2
May 12 19:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: Connection closed by 196.251.88.103 port 32820 [preauth]
May 12 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Invalid user demo from 196.251.88.103
May 12 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: input_userauth_request: invalid user demo [preauth]
May 12 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session closed for user p13x
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: Successful su for rubyman by root
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: + ??? root:rubyman
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380756 of user rubyman.
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: pam_unix(su:session): session closed for user rubyman
May 12 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380756.
May 12 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Failed password for invalid user demo from 196.251.88.103 port 38962 ssh2
May 12 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Connection closed by 196.251.88.103 port 38962 [preauth]
May 12 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session closed for user root
May 12 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Invalid user postgres from 196.251.88.103
May 12 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: input_userauth_request: invalid user postgres [preauth]
May 12 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session closed for user samftp
May 12 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Failed password for invalid user postgres from 196.251.88.103 port 45110 ssh2
May 12 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Connection closed by 196.251.88.103 port 45110 [preauth]
May 12 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Invalid user user1 from 196.251.88.103
May 12 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: input_userauth_request: invalid user user1 [preauth]
May 12 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Failed password for invalid user user1 from 196.251.88.103 port 51254 ssh2
May 12 19:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Connection closed by 196.251.88.103 port 51254 [preauth]
May 12 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Invalid user jfedu1 from 196.251.88.103
May 12 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: input_userauth_request: invalid user jfedu1 [preauth]
May 12 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Failed password for invalid user jfedu1 from 196.251.88.103 port 57398 ssh2
May 12 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Connection closed by 196.251.88.103 port 57398 [preauth]
May 12 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: Invalid user esearch from 196.251.88.103
May 12 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: input_userauth_request: invalid user esearch [preauth]
May 12 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: Failed password for invalid user esearch from 196.251.88.103 port 35200 ssh2
May 12 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8204]: Connection closed by 196.251.88.103 port 35200 [preauth]
May 12 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6786]: pam_unix(cron:session): session closed for user root
May 12 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Failed password for root from 196.251.88.103 port 41456 ssh2
May 12 19:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Connection closed by 196.251.88.103 port 41456 [preauth]
May 12 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Failed password for root from 196.251.88.103 port 47600 ssh2
May 12 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Connection closed by 196.251.88.103 port 47600 [preauth]
May 12 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: Invalid user gpadmin from 196.251.88.103
May 12 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: input_userauth_request: invalid user gpadmin [preauth]
May 12 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: Failed password for invalid user gpadmin from 196.251.88.103 port 53746 ssh2
May 12 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: Connection closed by 196.251.88.103 port 53746 [preauth]
May 12 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for root from 196.251.88.103 port 59894 ssh2
May 12 19:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Connection closed by 196.251.88.103 port 59894 [preauth]
May 12 19:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Invalid user mongo from 196.251.88.103
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: input_userauth_request: invalid user mongo [preauth]
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8304]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user root
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8302]: pam_unix(cron:session): session closed for user p13x
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: Successful su for rubyman by root
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: + ??? root:rubyman
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380761 of user rubyman.
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: pam_unix(su:session): session closed for user rubyman
May 12 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380761.
May 12 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Failed password for invalid user mongo from 196.251.88.103 port 37802 ssh2
May 12 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Connection closed by 196.251.88.103 port 37802 [preauth]
May 12 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8304]: pam_unix(cron:session): session closed for user root
May 12 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5306]: pam_unix(cron:session): session closed for user root
May 12 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8303]: pam_unix(cron:session): session closed for user samftp
May 12 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: User backup from 196.251.88.103 not allowed because not listed in AllowUsers
May 12 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: input_userauth_request: invalid user backup [preauth]
May 12 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=backup
May 12 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Failed password for invalid user backup from 196.251.88.103 port 43948 ssh2
May 12 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Connection closed by 196.251.88.103 port 43948 [preauth]
May 12 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Invalid user admin from 196.251.88.103
May 12 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: input_userauth_request: invalid user admin [preauth]
May 12 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Failed password for invalid user admin from 196.251.88.103 port 50732 ssh2
May 12 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Connection closed by 196.251.88.103 port 50732 [preauth]
May 12 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Invalid user opc from 196.251.88.103
May 12 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: input_userauth_request: invalid user opc [preauth]
May 12 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Failed password for invalid user opc from 196.251.88.103 port 56238 ssh2
May 12 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Connection closed by 196.251.88.103 port 56238 [preauth]
May 12 19:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Invalid user ubuntu from 196.251.88.103
May 12 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: input_userauth_request: invalid user ubuntu [preauth]
May 12 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Failed password for invalid user ubuntu from 196.251.88.103 port 34152 ssh2
May 12 19:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Connection closed by 196.251.88.103 port 34152 [preauth]
May 12 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user root
May 12 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Invalid user guest from 196.251.88.103
May 12 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: input_userauth_request: invalid user guest [preauth]
May 12 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Failed password for invalid user guest from 196.251.88.103 port 40302 ssh2
May 12 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Connection closed by 196.251.88.103 port 40302 [preauth]
May 12 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Failed password for root from 196.251.88.103 port 46446 ssh2
May 12 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Connection closed by 196.251.88.103 port 46446 [preauth]
May 12 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Failed password for root from 196.251.88.103 port 52590 ssh2
May 12 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Connection closed by 196.251.88.103 port 52590 [preauth]
May 12 19:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Invalid user oracle from 196.251.88.103
May 12 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: input_userauth_request: invalid user oracle [preauth]
May 12 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for invalid user oracle from 196.251.88.103 port 58740 ssh2
May 12 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Connection closed by 196.251.88.103 port 58740 [preauth]
May 12 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user p13x
May 12 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: Successful su for rubyman by root
May 12 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: + ??? root:rubyman
May 12 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380766 of user rubyman.
May 12 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: pam_unix(su:session): session closed for user rubyman
May 12 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380766.
May 12 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Invalid user vagrant from 196.251.88.103
May 12 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: input_userauth_request: invalid user vagrant [preauth]
May 12 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Failed password for invalid user vagrant from 196.251.88.103 port 36652 ssh2
May 12 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Connection closed by 196.251.88.103 port 36652 [preauth]
May 12 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session closed for user root
May 12 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user samftp
May 12 19:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: Invalid user odoo16 from 196.251.88.103
May 12 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: input_userauth_request: invalid user odoo16 [preauth]
May 12 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: Failed password for invalid user odoo16 from 196.251.88.103 port 42796 ssh2
May 12 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9054]: Connection closed by 196.251.88.103 port 42796 [preauth]
May 12 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Invalid user dolphinscheduler from 196.251.88.103
May 12 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Failed password for invalid user dolphinscheduler from 196.251.88.103 port 48946 ssh2
May 12 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Connection closed by 196.251.88.103 port 48946 [preauth]
May 12 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Invalid user ec2-user from 196.251.88.103
May 12 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: input_userauth_request: invalid user ec2-user [preauth]
May 12 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Failed password for invalid user ec2-user from 196.251.88.103 port 55090 ssh2
May 12 19:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Connection closed by 196.251.88.103 port 55090 [preauth]
May 12 19:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Invalid user username from 196.251.88.103
May 12 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: input_userauth_request: invalid user username [preauth]
May 12 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Failed password for invalid user username from 196.251.88.103 port 33002 ssh2
May 12 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session closed for user root
May 12 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Connection closed by 196.251.88.103 port 33002 [preauth]
May 12 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: Invalid user stream from 196.251.88.103
May 12 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: input_userauth_request: invalid user stream [preauth]
May 12 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: Failed password for invalid user stream from 196.251.88.103 port 39158 ssh2
May 12 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9243]: Connection closed by 196.251.88.103 port 39158 [preauth]
May 12 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: Failed password for root from 196.251.88.103 port 45312 ssh2
May 12 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9254]: Connection closed by 196.251.88.103 port 45312 [preauth]
May 12 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Invalid user testuser from 196.251.88.103
May 12 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: input_userauth_request: invalid user testuser [preauth]
May 12 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Failed password for invalid user testuser from 196.251.88.103 port 51460 ssh2
May 12 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Connection closed by 196.251.88.103 port 51460 [preauth]
May 12 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Invalid user user from 103.112.131.70
May 12 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: input_userauth_request: invalid user user [preauth]
May 12 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: Invalid user developer from 196.251.88.103
May 12 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: input_userauth_request: invalid user developer [preauth]
May 12 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Failed password for invalid user user from 103.112.131.70 port 53040 ssh2
May 12 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Received disconnect from 103.112.131.70 port 53040:11: Bye Bye [preauth]
May 12 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Disconnected from 103.112.131.70 port 53040 [preauth]
May 12 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: Failed password for invalid user developer from 196.251.88.103 port 57608 ssh2
May 12 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9330]: Connection closed by 196.251.88.103 port 57608 [preauth]
May 12 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9345]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9344]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9342]: pam_unix(cron:session): session closed for user p13x
May 12 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9407]: Successful su for rubyman by root
May 12 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9407]: + ??? root:rubyman
May 12 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380770 of user rubyman.
May 12 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9407]: pam_unix(su:session): session closed for user rubyman
May 12 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380770.
May 12 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6346]: pam_unix(cron:session): session closed for user root
May 12 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: Invalid user user2 from 196.251.88.103
May 12 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: input_userauth_request: invalid user user2 [preauth]
May 12 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9343]: pam_unix(cron:session): session closed for user samftp
May 12 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: Failed password for invalid user user2 from 196.251.88.103 port 35518 ssh2
May 12 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: Connection closed by 196.251.88.103 port 35518 [preauth]
May 12 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Invalid user media from 196.251.88.103
May 12 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: input_userauth_request: invalid user media [preauth]
May 12 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Failed password for invalid user media from 196.251.88.103 port 41674 ssh2
May 12 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Connection closed by 196.251.88.103 port 41674 [preauth]
May 12 19:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: Invalid user hadoop from 196.251.88.103
May 12 19:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: input_userauth_request: invalid user hadoop [preauth]
May 12 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: Failed password for invalid user hadoop from 196.251.88.103 port 47820 ssh2
May 12 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9622]: Connection closed by 196.251.88.103 port 47820 [preauth]
May 12 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Invalid user uftp from 196.251.88.103
May 12 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: input_userauth_request: invalid user uftp [preauth]
May 12 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Failed password for invalid user uftp from 196.251.88.103 port 53968 ssh2
May 12 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Connection closed by 196.251.88.103 port 53968 [preauth]
May 12 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: Invalid user www from 196.251.88.103
May 12 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: input_userauth_request: invalid user www [preauth]
May 12 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user root
May 12 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: Failed password for invalid user www from 196.251.88.103 port 60110 ssh2
May 12 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9665]: Connection closed by 196.251.88.103 port 60110 [preauth]
May 12 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Invalid user oscar from 196.251.88.103
May 12 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: input_userauth_request: invalid user oscar [preauth]
May 12 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Failed password for invalid user oscar from 196.251.88.103 port 38022 ssh2
May 12 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0  user=root
May 12 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Connection closed by 196.251.88.103 port 38022 [preauth]
May 12 19:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Failed password for root from 51.79.167.0 port 43614 ssh2
May 12 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Received disconnect from 51.79.167.0 port 43614:11: Bye Bye [preauth]
May 12 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Disconnected from 51.79.167.0 port 43614 [preauth]
May 12 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: Invalid user gitlab from 196.251.88.103
May 12 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: input_userauth_request: invalid user gitlab [preauth]
May 12 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: Failed password for invalid user gitlab from 196.251.88.103 port 44166 ssh2
May 12 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9726]: Connection closed by 196.251.88.103 port 44166 [preauth]
May 12 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Invalid user kingbase from 196.251.88.103
May 12 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: input_userauth_request: invalid user kingbase [preauth]
May 12 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Failed password for invalid user kingbase from 196.251.88.103 port 50310 ssh2
May 12 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Connection closed by 196.251.88.103 port 50310 [preauth]
May 12 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: Invalid user dolphinscheduler from 196.251.88.103
May 12 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9768]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9769]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9765]: pam_unix(cron:session): session closed for user p13x
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9827]: Successful su for rubyman by root
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9827]: + ??? root:rubyman
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380774 of user rubyman.
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9827]: pam_unix(su:session): session closed for user rubyman
May 12 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380774.
May 12 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: Failed password for invalid user dolphinscheduler from 196.251.88.103 port 56460 ssh2
May 12 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9762]: Connection closed by 196.251.88.103 port 56460 [preauth]
May 12 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6785]: pam_unix(cron:session): session closed for user root
May 12 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.138.157  user=root
May 12 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9766]: pam_unix(cron:session): session closed for user samftp
May 12 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Failed password for root from 101.43.138.157 port 33710 ssh2
May 12 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Connection closed by 101.43.138.157 port 33710 [preauth]
May 12 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Invalid user zabbix from 196.251.88.103
May 12 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: input_userauth_request: invalid user zabbix [preauth]
May 12 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Failed password for invalid user zabbix from 196.251.88.103 port 34372 ssh2
May 12 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Connection closed by 196.251.88.103 port 34372 [preauth]
May 12 19:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: Invalid user plex from 196.251.88.103
May 12 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: input_userauth_request: invalid user plex [preauth]
May 12 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: Failed password for invalid user plex from 196.251.88.103 port 40520 ssh2
May 12 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: Connection closed by 196.251.88.103 port 40520 [preauth]
May 12 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: Invalid user git from 196.251.88.103
May 12 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: input_userauth_request: invalid user git [preauth]
May 12 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: Failed password for invalid user git from 196.251.88.103 port 46664 ssh2
May 12 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10056]: Connection closed by 196.251.88.103 port 46664 [preauth]
May 12 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Invalid user elasticsearch from 196.251.88.103
May 12 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Failed password for invalid user elasticsearch from 196.251.88.103 port 52806 ssh2
May 12 19:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Connection closed by 196.251.88.103 port 52806 [preauth]
May 12 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user root
May 12 19:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Failed password for root from 196.251.88.103 port 58954 ssh2
May 12 19:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Connection closed by 196.251.88.103 port 58954 [preauth]
May 12 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Invalid user tom from 196.251.88.103
May 12 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: input_userauth_request: invalid user tom [preauth]
May 12 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Failed password for invalid user tom from 196.251.88.103 port 36866 ssh2
May 12 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Connection closed by 196.251.88.103 port 36866 [preauth]
May 12 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Invalid user test from 196.251.88.103
May 12 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: input_userauth_request: invalid user test [preauth]
May 12 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for invalid user test from 196.251.88.103 port 43018 ssh2
May 12 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Connection closed by 196.251.88.103 port 43018 [preauth]
May 12 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: Invalid user guest from 196.251.88.103
May 12 19:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: input_userauth_request: invalid user guest [preauth]
May 12 19:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: Failed password for invalid user guest from 196.251.88.103 port 49162 ssh2
May 12 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: Connection closed by 196.251.88.103 port 49162 [preauth]
May 12 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10178]: pam_unix(cron:session): session closed for user p13x
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Invalid user bigdata from 196.251.88.103
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: input_userauth_request: invalid user bigdata [preauth]
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10330]: Successful su for rubyman by root
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10330]: + ??? root:rubyman
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380780 of user rubyman.
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10330]: pam_unix(su:session): session closed for user rubyman
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380780.
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user root
May 12 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Failed password for invalid user bigdata from 196.251.88.103 port 55310 ssh2
May 12 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Connection closed by 196.251.88.103 port 55310 [preauth]
May 12 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10179]: pam_unix(cron:session): session closed for user samftp
May 12 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Invalid user data from 196.251.88.103
May 12 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: input_userauth_request: invalid user data [preauth]
May 12 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Failed password for invalid user data from 196.251.88.103 port 33224 ssh2
May 12 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Connection closed by 196.251.88.103 port 33224 [preauth]
May 12 19:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Invalid user esuser from 196.251.88.103
May 12 19:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: input_userauth_request: invalid user esuser [preauth]
May 12 19:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.58.167.17  user=root
May 12 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Failed password for invalid user esuser from 196.251.88.103 port 39368 ssh2
May 12 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Failed password for root from 106.58.167.17 port 34018 ssh2
May 12 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Connection closed by 106.58.167.17 port 34018 [preauth]
May 12 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Connection closed by 196.251.88.103 port 39368 [preauth]
May 12 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: Failed password for root from 196.251.88.103 port 45516 ssh2
May 12 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: Connection closed by 196.251.88.103 port 45516 [preauth]
May 12 19:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Failed password for root from 196.251.88.103 port 51660 ssh2
May 12 19:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Connection closed by 196.251.88.103 port 51660 [preauth]
May 12 19:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Invalid user test from 196.251.88.103
May 12 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: input_userauth_request: invalid user test [preauth]
May 12 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9345]: pam_unix(cron:session): session closed for user root
May 12 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Failed password for invalid user test from 196.251.88.103 port 57806 ssh2
May 12 19:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Connection closed by 196.251.88.103 port 57806 [preauth]
May 12 19:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Failed password for root from 45.6.188.43 port 45478 ssh2
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Connection closed by 45.6.188.43 port 45478 [preauth]
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Invalid user user2 from 196.251.88.103
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: input_userauth_request: invalid user user2 [preauth]
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Failed password for invalid user user2 from 196.251.88.103 port 35722 ssh2
May 12 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Connection closed by 196.251.88.103 port 35722 [preauth]
May 12 19:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May 12 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for root from 196.251.88.103 port 41866 ssh2
May 12 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Connection closed by 196.251.88.103 port 41866 [preauth]
May 12 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Invalid user user1 from 196.251.88.103
May 12 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: input_userauth_request: invalid user user1 [preauth]
May 12 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Failed password for invalid user user1 from 196.251.88.103 port 48010 ssh2
May 12 19:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Connection closed by 196.251.88.103 port 48010 [preauth]
May 12 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Invalid user pi from 196.251.88.103
May 12 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: input_userauth_request: invalid user pi [preauth]
May 12 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for invalid user pi from 196.251.88.103 port 54156 ssh2
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session closed for user root
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session closed for user p13x
May 12 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 196.251.88.103 port 54156 [preauth]
May 12 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: Successful su for rubyman by root
May 12 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: + ??? root:rubyman
May 12 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380782 of user rubyman.
May 12 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: pam_unix(su:session): session closed for user rubyman
May 12 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380782.
May 12 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session closed for user root
May 12 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session closed for user root
May 12 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: Invalid user oracle from 196.251.88.103
May 12 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: input_userauth_request: invalid user oracle [preauth]
May 12 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user samftp
May 12 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: Failed password for invalid user oracle from 196.251.88.103 port 60302 ssh2
May 12 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11023]: Connection closed by 196.251.88.103 port 60302 [preauth]
May 12 19:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: Invalid user steam from 196.251.88.103
May 12 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: input_userauth_request: invalid user steam [preauth]
May 12 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May 12 19:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: Failed password for invalid user steam from 196.251.88.103 port 38214 ssh2
May 12 19:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: Connection closed by 196.251.88.103 port 38214 [preauth]
May 12 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9769]: pam_unix(cron:session): session closed for user root
May 12 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Invalid user admin from 80.94.95.112
May 12 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: input_userauth_request: invalid user admin [preauth]
May 12 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user admin from 80.94.95.112 port 53407 ssh2
May 12 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user admin from 80.94.95.112 port 53407 ssh2
May 12 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user admin from 80.94.95.112 port 53407 ssh2
May 12 19:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user admin from 80.94.95.112 port 53407 ssh2
May 12 19:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user p13x
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user admin from 80.94.95.112 port 53407 ssh2
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11275]: Successful su for rubyman by root
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11275]: + ??? root:rubyman
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380788 of user rubyman.
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11275]: pam_unix(su:session): session closed for user rubyman
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380788.
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Received disconnect from 80.94.95.112 port 53407:11: Bye [preauth]
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Disconnected from 80.94.95.112 port 53407 [preauth]
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session closed for user root
May 12 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session closed for user samftp
May 12 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Invalid user vpn from 80.94.95.125
May 12 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: input_userauth_request: invalid user vpn [preauth]
May 12 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Failed password for invalid user vpn from 80.94.95.125 port 8016 ssh2
May 12 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Received disconnect from 80.94.95.125 port 8016:11: Bye [preauth]
May 12 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Disconnected from 80.94.95.125 port 8016 [preauth]
May 12 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session closed for user root
May 12 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11618]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user p13x
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11674]: Successful su for rubyman by root
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11674]: + ??? root:rubyman
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380792 of user rubyman.
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11674]: pam_unix(su:session): session closed for user rubyman
May 12 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380792.
May 12 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user root
May 12 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session closed for user samftp
May 12 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session closed for user root
May 12 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: User mysql from 103.112.131.68 not allowed because not listed in AllowUsers
May 12 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: input_userauth_request: invalid user mysql [preauth]
May 12 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.68  user=mysql
May 12 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Failed password for invalid user mysql from 103.112.131.68 port 41470 ssh2
May 12 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Received disconnect from 103.112.131.68 port 41470:11: Bye Bye [preauth]
May 12 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Disconnected from 103.112.131.68 port 41470 [preauth]
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12006]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12005]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12003]: pam_unix(cron:session): session closed for user p13x
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: Successful su for rubyman by root
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: + ??? root:rubyman
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380797 of user rubyman.
May 12 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: pam_unix(su:session): session closed for user rubyman
May 12 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380797.
May 12 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9344]: pam_unix(cron:session): session closed for user root
May 12 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Invalid user lab from 51.79.167.0
May 12 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: input_userauth_request: invalid user lab [preauth]
May 12 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12004]: pam_unix(cron:session): session closed for user samftp
May 12 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Failed password for invalid user lab from 51.79.167.0 port 55742 ssh2
May 12 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Received disconnect from 51.79.167.0 port 55742:11: Bye Bye [preauth]
May 12 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Disconnected from 51.79.167.0 port 55742 [preauth]
May 12 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11212]: pam_unix(cron:session): session closed for user root
May 12 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12419]: pam_unix(cron:session): session closed for user p13x
May 12 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12478]: Successful su for rubyman by root
May 12 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12478]: + ??? root:rubyman
May 12 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380802 of user rubyman.
May 12 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12478]: pam_unix(su:session): session closed for user rubyman
May 12 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380802.
May 12 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9768]: pam_unix(cron:session): session closed for user root
May 12 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12420]: pam_unix(cron:session): session closed for user samftp
May 12 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11618]: pam_unix(cron:session): session closed for user root
May 12 19:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: Failed password for root from 218.92.0.179 port 37163 ssh2
May 12 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37163 ssh2]
May 12 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: Received disconnect from 218.92.0.179 port 37163:11:  [preauth]
May 12 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: Disconnected from 218.92.0.179 port 37163 [preauth]
May 12 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12753]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session closed for user root
May 12 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12804]: pam_unix(cron:session): session closed for user p13x
May 12 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12871]: Successful su for rubyman by root
May 12 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12871]: + ??? root:rubyman
May 12 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380806 of user rubyman.
May 12 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12871]: pam_unix(su:session): session closed for user rubyman
May 12 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380806.
May 12 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12806]: pam_unix(cron:session): session closed for user root
May 12 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session closed for user root
May 12 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12805]: pam_unix(cron:session): session closed for user samftp
May 12 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12006]: pam_unix(cron:session): session closed for user root
May 12 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13226]: pam_unix(cron:session): session closed for user p13x
May 12 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: Successful su for rubyman by root
May 12 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: + ??? root:rubyman
May 12 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380810 of user rubyman.
May 12 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: pam_unix(su:session): session closed for user rubyman
May 12 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380810.
May 12 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session closed for user root
May 12 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13227]: pam_unix(cron:session): session closed for user samftp
May 12 19:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session closed for user root
May 12 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Did not receive identification string from 125.72.54.155
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13741]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13739]: pam_unix(cron:session): session closed for user p13x
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13803]: Successful su for rubyman by root
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13803]: + ??? root:rubyman
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380816 of user rubyman.
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13803]: pam_unix(su:session): session closed for user rubyman
May 12 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380816.
May 12 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11211]: pam_unix(cron:session): session closed for user root
May 12 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13740]: pam_unix(cron:session): session closed for user samftp
May 12 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session closed for user root
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14143]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14144]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14141]: pam_unix(cron:session): session closed for user p13x
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14205]: Successful su for rubyman by root
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14205]: + ??? root:rubyman
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380820 of user rubyman.
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14205]: pam_unix(su:session): session closed for user rubyman
May 12 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380820.
May 12 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session closed for user root
May 12 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14142]: pam_unix(cron:session): session closed for user samftp
May 12 19:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Invalid user linkdood from 51.79.167.0
May 12 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: input_userauth_request: invalid user linkdood [preauth]
May 12 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.167.0
May 12 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Failed password for invalid user linkdood from 51.79.167.0 port 39590 ssh2
May 12 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Received disconnect from 51.79.167.0 port 39590:11: Bye Bye [preauth]
May 12 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Disconnected from 51.79.167.0 port 39590 [preauth]
May 12 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13229]: pam_unix(cron:session): session closed for user root
May 12 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: Invalid user kiana from 103.112.131.70
May 12 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: input_userauth_request: invalid user kiana [preauth]
May 12 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: Failed password for invalid user kiana from 103.112.131.70 port 45400 ssh2
May 12 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: Received disconnect from 103.112.131.70 port 45400:11: Bye Bye [preauth]
May 12 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: Disconnected from 103.112.131.70 port 45400 [preauth]
May 12 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Failed password for root from 218.92.0.179 port 25957 ssh2
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14557]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14556]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14551]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14553]: pam_unix(cron:session): session closed for user p13x
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: Successful su for rubyman by root
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: + ??? root:rubyman
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380823 of user rubyman.
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: pam_unix(su:session): session closed for user rubyman
May 12 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380823.
May 12 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14551]: pam_unix(cron:session): session closed for user root
May 12 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Failed password for root from 218.92.0.179 port 25957 ssh2
May 12 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12005]: pam_unix(cron:session): session closed for user root
May 12 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Failed password for root from 218.92.0.179 port 25957 ssh2
May 12 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Received disconnect from 218.92.0.179 port 25957:11:  [preauth]
May 12 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Disconnected from 218.92.0.179 port 25957 [preauth]
May 12 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14555]: pam_unix(cron:session): session closed for user samftp
May 12 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session closed for user root
May 12 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: Bad protocol version identification 'GET / HTTP/1.0' from 80.82.70.133 port 60000
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session closed for user root
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session closed for user p13x
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: Successful su for rubyman by root
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: + ??? root:rubyman
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380830 of user rubyman.
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: pam_unix(su:session): session closed for user rubyman
May 12 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380830.
May 12 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session closed for user root
May 12 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12421]: pam_unix(cron:session): session closed for user root
May 12 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session closed for user samftp
May 12 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14144]: pam_unix(cron:session): session closed for user root
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user p13x
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15547]: Successful su for rubyman by root
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15547]: + ??? root:rubyman
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380833 of user rubyman.
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15547]: pam_unix(su:session): session closed for user rubyman
May 12 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380833.
May 12 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session closed for user root
May 12 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user samftp
May 12 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14557]: pam_unix(cron:session): session closed for user root
May 12 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Invalid user kubeadmin from 193.32.162.157
May 12 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: input_userauth_request: invalid user kubeadmin [preauth]
May 12 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for invalid user kubeadmin from 193.32.162.157 port 39592 ssh2
May 12 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Connection closed by 193.32.162.157 port 39592 [preauth]
May 12 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15894]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15891]: pam_unix(cron:session): session closed for user p13x
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15958]: Successful su for rubyman by root
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15958]: + ??? root:rubyman
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380837 of user rubyman.
May 12 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15958]: pam_unix(su:session): session closed for user rubyman
May 12 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380837.
May 12 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13228]: pam_unix(cron:session): session closed for user root
May 12 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15892]: pam_unix(cron:session): session closed for user samftp
May 12 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Invalid user aaa from 193.32.162.157
May 12 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: input_userauth_request: invalid user aaa [preauth]
May 12 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Failed password for invalid user aaa from 193.32.162.157 port 48622 ssh2
May 12 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Connection closed by 193.32.162.157 port 48622 [preauth]
May 12 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: Invalid user kubeadmin from 193.32.162.157
May 12 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: input_userauth_request: invalid user kubeadmin [preauth]
May 12 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: Failed password for invalid user kubeadmin from 193.32.162.157 port 27182 ssh2
May 12 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: Connection closed by 193.32.162.157 port 27182 [preauth]
May 12 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session closed for user root
May 12 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Invalid user 1234567890 from 193.32.162.157
May 12 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: input_userauth_request: invalid user 1234567890 [preauth]
May 12 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Failed password for invalid user 1234567890 from 193.32.162.157 port 17688 ssh2
May 12 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Connection closed by 193.32.162.157 port 17688 [preauth]
May 12 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Invalid user adm from 193.32.162.157
May 12 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: input_userauth_request: invalid user adm [preauth]
May 12 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Failed password for invalid user adm from 193.32.162.157 port 41734 ssh2
May 12 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user p13x
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: Successful su for rubyman by root
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: + ??? root:rubyman
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380842 of user rubyman.
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: pam_unix(su:session): session closed for user rubyman
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380842.
May 12 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Connection closed by 193.32.162.157 port 41734 [preauth]
May 12 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13741]: pam_unix(cron:session): session closed for user root
May 12 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user samftp
May 12 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user root
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session closed for user p13x
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16789]: Successful su for rubyman by root
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16789]: + ??? root:rubyman
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380845 of user rubyman.
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16789]: pam_unix(su:session): session closed for user rubyman
May 12 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380845.
May 12 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14143]: pam_unix(cron:session): session closed for user root
May 12 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user samftp
May 12 19:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Invalid user admin from 80.94.95.125
May 12 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: input_userauth_request: invalid user admin [preauth]
May 12 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Failed password for invalid user admin from 80.94.95.125 port 14501 ssh2
May 12 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Received disconnect from 80.94.95.125 port 14501:11: Bye [preauth]
May 12 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Disconnected from 80.94.95.125 port 14501 [preauth]
May 12 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15894]: pam_unix(cron:session): session closed for user root
May 12 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Invalid user server from 103.112.131.71
May 12 19:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: input_userauth_request: invalid user server [preauth]
May 12 19:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.71
May 12 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Failed password for invalid user server from 103.112.131.71 port 52852 ssh2
May 12 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Received disconnect from 103.112.131.71 port 52852:11: Bye Bye [preauth]
May 12 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Disconnected from 103.112.131.71 port 52852 [preauth]
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user root
May 12 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session closed for user p13x
May 12 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17229]: Successful su for rubyman by root
May 12 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17229]: + ??? root:rubyman
May 12 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380852 of user rubyman.
May 12 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17229]: pam_unix(su:session): session closed for user rubyman
May 12 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380852.
May 12 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user root
May 12 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14556]: pam_unix(cron:session): session closed for user root
May 12 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user samftp
May 12 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session closed for user p13x
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17681]: Successful su for rubyman by root
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17681]: + ??? root:rubyman
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380855 of user rubyman.
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17681]: pam_unix(su:session): session closed for user rubyman
May 12 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380855.
May 12 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session closed for user root
May 12 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session closed for user samftp
May 12 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session closed for user root
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session closed for user p13x
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: Successful su for rubyman by root
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: + ??? root:rubyman
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380859 of user rubyman.
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: pam_unix(su:session): session closed for user rubyman
May 12 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380859.
May 12 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user root
May 12 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session closed for user samftp
May 12 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session closed for user root
May 12 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session closed for user p13x
May 12 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18609]: Successful su for rubyman by root
May 12 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18609]: + ??? root:rubyman
May 12 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380863 of user rubyman.
May 12 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18609]: pam_unix(su:session): session closed for user rubyman
May 12 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380863.
May 12 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15893]: pam_unix(cron:session): session closed for user root
May 12 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session closed for user samftp
May 12 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session closed for user root
May 12 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 19:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: Failed password for root from 218.92.0.215 port 27680 ssh2
May 12 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18953]: pam_unix(cron:session): session closed for user p13x
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: Successful su for rubyman by root
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: + ??? root:rubyman
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380868 of user rubyman.
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: pam_unix(su:session): session closed for user rubyman
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380868.
May 12 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
May 12 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session closed for user samftp
May 12 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session closed for user root
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19367]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19367]: pam_unix(cron:session): session closed for user root
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session closed for user p13x
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19431]: Successful su for rubyman by root
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19431]: + ??? root:rubyman
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380876 of user rubyman.
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19431]: pam_unix(su:session): session closed for user rubyman
May 12 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380876.
May 12 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session closed for user root
May 12 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session closed for user root
May 12 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session closed for user samftp
May 12 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session closed for user root
May 12 19:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Invalid user download from 103.112.131.70
May 12 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: input_userauth_request: invalid user download [preauth]
May 12 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Failed password for invalid user download from 103.112.131.70 port 39082 ssh2
May 12 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Received disconnect from 103.112.131.70 port 39082:11: Bye Bye [preauth]
May 12 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Disconnected from 103.112.131.70 port 39082 [preauth]
May 12 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19825]: pam_unix(cron:session): session closed for user p13x
May 12 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19894]: Successful su for rubyman by root
May 12 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19894]: + ??? root:rubyman
May 12 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380878 of user rubyman.
May 12 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19894]: pam_unix(su:session): session closed for user rubyman
May 12 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380878.
May 12 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user root
May 12 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user samftp
May 12 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user root
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session closed for user p13x
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20298]: Successful su for rubyman by root
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20298]: + ??? root:rubyman
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380881 of user rubyman.
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20298]: pam_unix(su:session): session closed for user rubyman
May 12 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380881.
May 12 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user root
May 12 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20238]: pam_unix(cron:session): session closed for user samftp
May 12 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19366]: pam_unix(cron:session): session closed for user root
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session closed for user p13x
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20705]: Successful su for rubyman by root
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20705]: + ??? root:rubyman
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380888 of user rubyman.
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20705]: pam_unix(su:session): session closed for user rubyman
May 12 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380888.
May 12 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session closed for user root
May 12 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session closed for user samftp
May 12 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user root
May 12 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user p13x
May 12 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: Successful su for rubyman by root
May 12 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: + ??? root:rubyman
May 12 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380892 of user rubyman.
May 12 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: pam_unix(su:session): session closed for user rubyman
May 12 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380892.
May 12 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session closed for user root
May 12 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user samftp
May 12 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20240]: pam_unix(cron:session): session closed for user root
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21500]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user root
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session closed for user p13x
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: Successful su for rubyman by root
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: + ??? root:rubyman
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380897 of user rubyman.
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: pam_unix(su:session): session closed for user rubyman
May 12 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380897.
May 12 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user root
May 12 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session closed for user root
May 12 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user samftp
May 12 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session closed for user root
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session closed for user p13x
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22358]: Successful su for rubyman by root
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22358]: + ??? root:rubyman
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380899 of user rubyman.
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22358]: pam_unix(su:session): session closed for user rubyman
May 12 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380899.
May 12 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session closed for user root
May 12 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session closed for user samftp
May 12 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Connection closed by 20.29.24.158 port 39294 [preauth]
May 12 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user root
May 12 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Invalid user sunxw from 103.112.131.70
May 12 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: input_userauth_request: invalid user sunxw [preauth]
May 12 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Failed password for invalid user sunxw from 103.112.131.70 port 54808 ssh2
May 12 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Received disconnect from 103.112.131.70 port 54808:11: Bye Bye [preauth]
May 12 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Disconnected from 103.112.131.70 port 54808 [preauth]
May 12 19:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: Invalid user admin from 80.94.95.125
May 12 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: input_userauth_request: invalid user admin [preauth]
May 12 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: Failed password for invalid user admin from 80.94.95.125 port 32394 ssh2
May 12 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: Received disconnect from 80.94.95.125 port 32394:11: Bye [preauth]
May 12 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22740]: Disconnected from 80.94.95.125 port 32394 [preauth]
May 12 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user p13x
May 12 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: Successful su for rubyman by root
May 12 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: + ??? root:rubyman
May 12 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380904 of user rubyman.
May 12 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: pam_unix(su:session): session closed for user rubyman
May 12 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380904.
May 12 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user root
May 12 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session closed for user samftp
May 12 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21500]: pam_unix(cron:session): session closed for user root
May 12 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23226]: pam_unix(cron:session): session closed for user p13x
May 12 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23287]: Successful su for rubyman by root
May 12 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23287]: + ??? root:rubyman
May 12 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380908 of user rubyman.
May 12 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23287]: pam_unix(su:session): session closed for user rubyman
May 12 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380908.
May 12 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20239]: pam_unix(cron:session): session closed for user root
May 12 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23227]: pam_unix(cron:session): session closed for user samftp
May 12 19:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user root
May 12 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Invalid user hannet from 190.103.202.7
May 12 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: input_userauth_request: invalid user hannet [preauth]
May 12 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: pam_unix(sshd:auth): check pass; user unknown
May 12 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Failed password for invalid user hannet from 190.103.202.7 port 32822 ssh2
May 12 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Connection closed by 190.103.202.7 port 32822 [preauth]
May 12 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23721]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23718]: pam_unix(cron:session): session closed for user p13x
May 12 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23873]: Successful su for rubyman by root
May 12 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23873]: + ??? root:rubyman
May 12 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380912 of user rubyman.
May 12 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23873]: pam_unix(su:session): session closed for user rubyman
May 12 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380912.
May 12 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session closed for user root
May 12 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23720]: pam_unix(cron:session): session closed for user samftp
May 12 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session closed for user root
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24252]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24247]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24247]: pam_unix(cron:session): session closed for user root
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24252]: pam_unix(cron:session): session closed for user root
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session closed for user p13x
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24356]: Successful su for rubyman by root
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24356]: + ??? root:rubyman
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380918 of user rubyman.
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24356]: pam_unix(su:session): session closed for user rubyman
May 12 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380918.
May 12 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user root
May 12 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21058]: pam_unix(cron:session): session closed for user root
May 12 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session closed for user samftp
May 12 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23229]: pam_unix(cron:session): session closed for user root
May 12 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24782]: pam_unix(cron:session): session closed for user p13x
May 12 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24851]: Successful su for rubyman by root
May 12 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24851]: + ??? root:rubyman
May 12 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380923 of user rubyman.
May 12 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24851]: pam_unix(su:session): session closed for user rubyman
May 12 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380923.
May 12 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session closed for user root
May 12 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session closed for user samftp
May 12 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session closed for user root
May 12 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session closed for user p13x
May 12 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: Successful su for rubyman by root
May 12 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: + ??? root:rubyman
May 12 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380926 of user rubyman.
May 12 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: pam_unix(su:session): session closed for user rubyman
May 12 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380926.
May 12 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user root
May 12 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user samftp
May 12 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session closed for user root
May 12 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70  user=root
May 12 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Failed password for root from 103.112.131.70 port 60604 ssh2
May 12 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Received disconnect from 103.112.131.70 port 60604:11: Bye Bye [preauth]
May 12 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Disconnected from 103.112.131.70 port 60604 [preauth]
May 12 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session closed for user p13x
May 12 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: Successful su for rubyman by root
May 12 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: + ??? root:rubyman
May 12 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380930 of user rubyman.
May 12 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: pam_unix(su:session): session closed for user rubyman
May 12 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380930.
May 12 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user root
May 12 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session closed for user samftp
May 12 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Invalid user admin from 80.94.95.112
May 12 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: input_userauth_request: invalid user admin [preauth]
May 12 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user admin from 80.94.95.112 port 7686 ssh2
May 12 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user admin from 80.94.95.112 port 7686 ssh2
May 12 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user admin from 80.94.95.112 port 7686 ssh2
May 12 20:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user admin from 80.94.95.112 port 7686 ssh2
May 12 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user admin from 80.94.95.112 port 7686 ssh2
May 12 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Received disconnect from 80.94.95.112 port 7686:11: Bye [preauth]
May 12 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Disconnected from 80.94.95.112 port 7686 [preauth]
May 12 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session closed for user root
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user p13x
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26174]: Successful su for rubyman by root
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26174]: + ??? root:rubyman
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380934 of user rubyman.
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26174]: pam_unix(su:session): session closed for user rubyman
May 12 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380934.
May 12 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23228]: pam_unix(cron:session): session closed for user root
May 12 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session closed for user samftp
May 12 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session closed for user root
May 12 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session closed for user root
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session closed for user p13x
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: Successful su for rubyman by root
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: + ??? root:rubyman
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380941 of user rubyman.
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: pam_unix(su:session): session closed for user rubyman
May 12 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380941.
May 12 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23721]: pam_unix(cron:session): session closed for user root
May 12 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session closed for user root
May 12 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session closed for user samftp
May 12 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
May 12 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27150]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27149]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session closed for user p13x
May 12 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: Successful su for rubyman by root
May 12 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: + ??? root:rubyman
May 12 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380944 of user rubyman.
May 12 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: pam_unix(su:session): session closed for user rubyman
May 12 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380944.
May 12 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24250]: pam_unix(cron:session): session closed for user root
May 12 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27148]: pam_unix(cron:session): session closed for user samftp
May 12 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user root
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27675]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27673]: pam_unix(cron:session): session closed for user p13x
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: Successful su for rubyman by root
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: + ??? root:rubyman
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380949 of user rubyman.
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: pam_unix(su:session): session closed for user rubyman
May 12 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380949.
May 12 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24784]: pam_unix(cron:session): session closed for user root
May 12 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session closed for user samftp
May 12 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session closed for user root
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28107]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28105]: pam_unix(cron:session): session closed for user p13x
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28171]: Successful su for rubyman by root
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28171]: + ??? root:rubyman
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380953 of user rubyman.
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28171]: pam_unix(su:session): session closed for user rubyman
May 12 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380953.
May 12 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user root
May 12 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28106]: pam_unix(cron:session): session closed for user samftp
May 12 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27150]: pam_unix(cron:session): session closed for user root
May 12 20:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Invalid user test123 from 103.112.131.70
May 12 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: input_userauth_request: invalid user test123 [preauth]
May 12 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.131.70
May 12 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Failed password for invalid user test123 from 103.112.131.70 port 45008 ssh2
May 12 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Received disconnect from 103.112.131.70 port 45008:11: Bye Bye [preauth]
May 12 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Disconnected from 103.112.131.70 port 45008 [preauth]
May 12 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user p13x
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28638]: Successful su for rubyman by root
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28638]: + ??? root:rubyman
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380958 of user rubyman.
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28638]: pam_unix(su:session): session closed for user rubyman
May 12 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380958.
May 12 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user root
May 12 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user root
May 12 20:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session closed for user samftp
May 12 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session closed for user root
May 12 20:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Invalid user oracle from 80.94.95.125
May 12 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: input_userauth_request: invalid user oracle [preauth]
May 12 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May 12 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Failed password for invalid user oracle from 80.94.95.125 port 15725 ssh2
May 12 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Received disconnect from 80.94.95.125 port 15725:11: Bye [preauth]
May 12 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Disconnected from 80.94.95.125 port 15725 [preauth]
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session closed for user root
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session closed for user p13x
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29173]: Successful su for rubyman by root
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29173]: + ??? root:rubyman
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380964 of user rubyman.
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29173]: pam_unix(su:session): session closed for user rubyman
May 12 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380964.
May 12 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session closed for user root
May 12 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session closed for user root
May 12 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session closed for user samftp
May 12 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28108]: pam_unix(cron:session): session closed for user root
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session closed for user p13x
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: Successful su for rubyman by root
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: + ??? root:rubyman
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380968 of user rubyman.
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: pam_unix(su:session): session closed for user rubyman
May 12 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380968.
May 12 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session closed for user root
May 12 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session closed for user samftp
May 12 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user root
May 12 20:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Connection closed by 148.113.210.228 port 37966 [preauth]
May 12 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session closed for user p13x
May 12 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30033]: Successful su for rubyman by root
May 12 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30033]: + ??? root:rubyman
May 12 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380971 of user rubyman.
May 12 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30033]: pam_unix(su:session): session closed for user rubyman
May 12 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380971.
May 12 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27149]: pam_unix(cron:session): session closed for user root
May 12 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session closed for user samftp
May 12 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session closed for user root
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30362]: pam_unix(cron:session): session closed for user p13x
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: Successful su for rubyman by root
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: + ??? root:rubyman
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380975 of user rubyman.
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: pam_unix(su:session): session closed for user rubyman
May 12 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380975.
May 12 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27675]: pam_unix(cron:session): session closed for user root
May 12 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30363]: pam_unix(cron:session): session closed for user samftp
May 12 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session closed for user root
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session closed for user p13x
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30815]: Successful su for rubyman by root
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30815]: + ??? root:rubyman
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380980 of user rubyman.
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30815]: pam_unix(su:session): session closed for user rubyman
May 12 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380980.
May 12 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28107]: pam_unix(cron:session): session closed for user root
May 12 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30757]: pam_unix(cron:session): session closed for user samftp
May 12 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session closed for user root
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31254]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31254]: pam_unix(cron:session): session closed for user root
May 12 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session closed for user p13x
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: Successful su for rubyman by root
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: + ??? root:rubyman
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380986 of user rubyman.
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: pam_unix(su:session): session closed for user rubyman
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380986.
May 12 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Invalid user  from 170.64.236.179
May 12 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: input_userauth_request: invalid user  [preauth]
May 12 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user root
May 12 20:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user root
May 12 20:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user samftp
May 12 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Connection closed by 170.64.236.179 port 59506 [preauth]
May 12 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30365]: pam_unix(cron:session): session closed for user root
May 12 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Invalid user centos from 170.64.236.179
May 12 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: input_userauth_request: invalid user centos [preauth]
May 12 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Failed password for invalid user centos from 170.64.236.179 port 37482 ssh2
May 12 20:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Connection closed by 170.64.236.179 port 37482 [preauth]
May 12 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user wang from 170.64.236.179
May 12 20:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user wang [preauth]
May 12 20:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user wang from 170.64.236.179 port 49742 ssh2
May 12 20:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Connection closed by 170.64.236.179 port 49742 [preauth]
May 12 20:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: Invalid user nginx from 170.64.236.179
May 12 20:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: input_userauth_request: invalid user nginx [preauth]
May 12 20:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: Failed password for invalid user nginx from 170.64.236.179 port 49760 ssh2
May 12 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31710]: Connection closed by 170.64.236.179 port 49760 [preauth]
May 12 20:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: Invalid user jfedu1 from 170.64.236.179
May 12 20:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: input_userauth_request: invalid user jfedu1 [preauth]
May 12 20:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: Failed password for invalid user jfedu1 from 170.64.236.179 port 45344 ssh2
May 12 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: Connection closed by 170.64.236.179 port 45344 [preauth]
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session closed for user p13x
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31799]: Successful su for rubyman by root
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31799]: + ??? root:rubyman
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380991 of user rubyman.
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31799]: pam_unix(su:session): session closed for user rubyman
May 12 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380991.
May 12 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Invalid user ec2-user from 170.64.236.179
May 12 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: input_userauth_request: invalid user ec2-user [preauth]
May 12 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session closed for user root
May 12 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user samftp
May 12 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Failed password for invalid user ec2-user from 170.64.236.179 port 45350 ssh2
May 12 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Connection closed by 170.64.236.179 port 45350 [preauth]
May 12 20:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Failed password for root from 170.64.236.179 port 55640 ssh2
May 12 20:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Connection closed by 170.64.236.179 port 55640 [preauth]
May 12 20:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Invalid user esuser from 170.64.236.179
May 12 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: input_userauth_request: invalid user esuser [preauth]
May 12 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Failed password for invalid user esuser from 170.64.236.179 port 55646 ssh2
May 12 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Connection closed by 170.64.236.179 port 55646 [preauth]
May 12 20:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: Invalid user server from 170.64.236.179
May 12 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: input_userauth_request: invalid user server [preauth]
May 12 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: Failed password for invalid user server from 170.64.236.179 port 54338 ssh2
May 12 20:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: Connection closed by 170.64.236.179 port 54338 [preauth]
May 12 20:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for root from 170.64.236.179 port 54368 ssh2
May 12 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Connection closed by 170.64.236.179 port 54368 [preauth]
May 12 20:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Failed password for root from 170.64.236.179 port 37576 ssh2
May 12 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Connection closed by 170.64.236.179 port 37576 [preauth]
May 12 20:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Invalid user username from 170.64.236.179
May 12 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: input_userauth_request: invalid user username [preauth]
May 12 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Failed password for invalid user username from 170.64.236.179 port 37578 ssh2
May 12 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Connection closed by 170.64.236.179 port 37578 [preauth]
May 12 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session closed for user root
May 12 20:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: Failed password for root from 170.64.236.179 port 37592 ssh2
May 12 20:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: Connection closed by 170.64.236.179 port 37592 [preauth]
May 12 20:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Invalid user plexserver from 170.64.236.179
May 12 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: input_userauth_request: invalid user plexserver [preauth]
May 12 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Failed password for invalid user plexserver from 170.64.236.179 port 59244 ssh2
May 12 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Connection closed by 170.64.236.179 port 59244 [preauth]
May 12 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Invalid user fastuser from 170.64.236.179
May 12 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: input_userauth_request: invalid user fastuser [preauth]
May 12 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Failed password for invalid user fastuser from 170.64.236.179 port 59248 ssh2
May 12 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Connection closed by 170.64.236.179 port 59248 [preauth]
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32437]: Failed password for root from 164.68.105.9 port 43816 ssh2
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32437]: Connection closed by 164.68.105.9 port 43816 [preauth]
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Invalid user admin from 170.64.236.179
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: input_userauth_request: invalid user admin [preauth]
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Failed password for invalid user admin from 170.64.236.179 port 54478 ssh2
May 12 20:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Connection closed by 170.64.236.179 port 54478 [preauth]
May 12 20:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Invalid user weblogic from 170.64.236.179
May 12 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: input_userauth_request: invalid user weblogic [preauth]
May 12 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Failed password for invalid user weblogic from 170.64.236.179 port 54510 ssh2
May 12 20:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Connection closed by 170.64.236.179 port 54510 [preauth]
May 12 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Invalid user system from 170.64.236.179
May 12 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: input_userauth_request: invalid user system [preauth]
May 12 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Failed password for invalid user system from 170.64.236.179 port 52778 ssh2
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Connection closed by 170.64.236.179 port 52778 [preauth]
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32483]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session closed for user root
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32480]: pam_unix(cron:session): session closed for user p13x
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: Successful su for rubyman by root
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: + ??? root:rubyman
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 380993 of user rubyman.
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: pam_unix(su:session): session closed for user rubyman
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 380993.
May 12 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Invalid user oracle from 170.64.236.179
May 12 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: input_userauth_request: invalid user oracle [preauth]
May 12 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session closed for user root
May 12 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Failed password for invalid user oracle from 170.64.236.179 port 52792 ssh2
May 12 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Connection closed by 170.64.236.179 port 52792 [preauth]
May 12 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32482]: pam_unix(cron:session): session closed for user samftp
May 12 20:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Invalid user esearch from 170.64.236.179
May 12 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: input_userauth_request: invalid user esearch [preauth]
May 12 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Failed password for invalid user esearch from 170.64.236.179 port 38002 ssh2
May 12 20:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Connection closed by 170.64.236.179 port 38002 [preauth]
May 12 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Invalid user test from 170.64.236.179
May 12 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: input_userauth_request: invalid user test [preauth]
May 12 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for invalid user test from 170.64.236.179 port 38006 ssh2
May 12 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Connection closed by 170.64.236.179 port 38006 [preauth]
May 12 20:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Failed password for root from 170.64.236.179 port 44938 ssh2
May 12 20:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Connection closed by 170.64.236.179 port 44938 [preauth]
May 12 20:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Invalid user gitlab from 170.64.236.179
May 12 20:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: input_userauth_request: invalid user gitlab [preauth]
May 12 20:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Failed password for invalid user gitlab from 170.64.236.179 port 44946 ssh2
May 12 20:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Connection closed by 170.64.236.179 port 44946 [preauth]
May 12 20:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[509]: Failed password for root from 170.64.236.179 port 55682 ssh2
May 12 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[509]: Connection closed by 170.64.236.179 port 55682 [preauth]
May 12 20:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: Invalid user gitlab from 170.64.236.179
May 12 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: input_userauth_request: invalid user gitlab [preauth]
May 12 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: Failed password for invalid user gitlab from 170.64.236.179 port 55686 ssh2
May 12 20:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: Connection closed by 170.64.236.179 port 55686 [preauth]
May 12 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session closed for user root
May 12 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Invalid user docker from 170.64.236.179
May 12 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: input_userauth_request: invalid user docker [preauth]
May 12 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Failed password for invalid user docker from 170.64.236.179 port 55700 ssh2
May 12 20:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Connection closed by 170.64.236.179 port 55700 [preauth]
May 12 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Invalid user oscar from 170.64.236.179
May 12 20:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: input_userauth_request: invalid user oscar [preauth]
May 12 20:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Failed password for invalid user oscar from 170.64.236.179 port 38478 ssh2
May 12 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Connection closed by 170.64.236.179 port 38478 [preauth]
May 12 20:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Invalid user jessalyn from 164.68.105.9
May 12 20:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: input_userauth_request: invalid user jessalyn [preauth]
May 12 20:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Failed password for invalid user jessalyn from 164.68.105.9 port 34318 ssh2
May 12 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Connection closed by 164.68.105.9 port 34318 [preauth]
May 12 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Invalid user yyx from 190.103.202.7
May 12 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: input_userauth_request: invalid user yyx [preauth]
May 12 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 20:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Failed password for root from 170.64.236.179 port 38494 ssh2
May 12 20:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Connection closed by 170.64.236.179 port 38494 [preauth]
May 12 20:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for invalid user yyx from 190.103.202.7 port 49034 ssh2
May 12 20:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Connection closed by 190.103.202.7 port 49034 [preauth]
May 12 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Invalid user elsearch from 170.64.236.179
May 12 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: input_userauth_request: invalid user elsearch [preauth]
May 12 20:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Failed password for invalid user elsearch from 170.64.236.179 port 53042 ssh2
May 12 20:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Connection closed by 170.64.236.179 port 53042 [preauth]
May 12 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Failed password for root from 170.64.236.179 port 53062 ssh2
May 12 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Connection closed by 170.64.236.179 port 53062 [preauth]
May 12 20:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Invalid user amir from 170.64.236.179
May 12 20:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: input_userauth_request: invalid user amir [preauth]
May 12 20:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user amir from 170.64.236.179 port 54778 ssh2
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Connection closed by 170.64.236.179 port 54778 [preauth]
May 12 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session closed for user p13x
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[717]: Successful su for rubyman by root
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[717]: + ??? root:rubyman
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381000 of user rubyman.
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[717]: pam_unix(su:session): session closed for user rubyman
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381000.
May 12 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Invalid user hadoop from 170.64.236.179
May 12 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: input_userauth_request: invalid user hadoop [preauth]
May 12 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session closed for user root
May 12 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Failed password for invalid user hadoop from 170.64.236.179 port 54782 ssh2
May 12 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Connection closed by 170.64.236.179 port 54782 [preauth]
May 12 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session closed for user samftp
May 12 20:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Failed password for root from 170.64.236.179 port 58450 ssh2
May 12 20:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Connection closed by 170.64.236.179 port 58450 [preauth]
May 12 20:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Invalid user test from 170.64.236.179
May 12 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: input_userauth_request: invalid user test [preauth]
May 12 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Failed password for invalid user test from 170.64.236.179 port 58452 ssh2
May 12 20:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Connection closed by 170.64.236.179 port 58452 [preauth]
May 12 20:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Invalid user ubuntu from 170.64.236.179
May 12 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: input_userauth_request: invalid user ubuntu [preauth]
May 12 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Failed password for invalid user ubuntu from 170.64.236.179 port 55646 ssh2
May 12 20:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Connection closed by 170.64.236.179 port 55646 [preauth]
May 12 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for root from 170.64.236.179 port 55652 ssh2
May 12 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Connection closed by 170.64.236.179 port 55652 [preauth]
May 12 20:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: Failed password for root from 170.64.236.179 port 55654 ssh2
May 12 20:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1012]: Connection closed by 170.64.236.179 port 55654 [preauth]
May 12 20:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Invalid user dolphinscheduler from 170.64.236.179
May 12 20:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 20:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Failed password for invalid user dolphinscheduler from 170.64.236.179 port 49504 ssh2
May 12 20:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Connection closed by 170.64.236.179 port 49504 [preauth]
May 12 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session closed for user root
May 12 20:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Invalid user runner from 170.64.236.179
May 12 20:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: input_userauth_request: invalid user runner [preauth]
May 12 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Failed password for invalid user runner from 170.64.236.179 port 49514 ssh2
May 12 20:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Connection closed by 170.64.236.179 port 49514 [preauth]
May 12 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: Invalid user dev from 170.64.236.179
May 12 20:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: input_userauth_request: invalid user dev [preauth]
May 12 20:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: Failed password for invalid user dev from 170.64.236.179 port 50770 ssh2
May 12 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1084]: Connection closed by 170.64.236.179 port 50770 [preauth]
May 12 20:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: Invalid user ubuntu from 170.64.236.179
May 12 20:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: input_userauth_request: invalid user ubuntu [preauth]
May 12 20:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: Failed password for invalid user ubuntu from 170.64.236.179 port 50776 ssh2
May 12 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1104]: Connection closed by 170.64.236.179 port 50776 [preauth]
May 12 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Invalid user gitlab-runner from 170.64.236.179
May 12 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for invalid user gitlab-runner from 170.64.236.179 port 42694 ssh2
May 12 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Connection closed by 170.64.236.179 port 42694 [preauth]
May 12 20:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Invalid user dolphinscheduler from 170.64.236.179
May 12 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Failed password for invalid user dolphinscheduler from 170.64.236.179 port 42708 ssh2
May 12 20:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Failed password for root from 218.92.0.179 port 27976 ssh2
May 12 20:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Connection closed by 170.64.236.179 port 42708 [preauth]
May 12 20:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Failed password for root from 218.92.0.179 port 27976 ssh2
May 12 20:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Invalid user user from 170.64.236.179
May 12 20:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: input_userauth_request: invalid user user [preauth]
May 12 20:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Failed password for root from 218.92.0.179 port 27976 ssh2
May 12 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Received disconnect from 218.92.0.179 port 27976:11:  [preauth]
May 12 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Disconnected from 218.92.0.179 port 27976 [preauth]
May 12 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Failed password for invalid user user from 170.64.236.179 port 60366 ssh2
May 12 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Connection closed by 170.64.236.179 port 60366 [preauth]
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session closed for user p13x
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: Successful su for rubyman by root
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: + ??? root:rubyman
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381002 of user rubyman.
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: pam_unix(su:session): session closed for user rubyman
May 12 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381002.
May 12 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Failed password for root from 170.64.236.179 port 60376 ssh2
May 12 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Connection closed by 170.64.236.179 port 60376 [preauth]
May 12 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30364]: pam_unix(cron:session): session closed for user root
May 12 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session closed for user samftp
May 12 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Invalid user debian from 170.64.236.179
May 12 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: input_userauth_request: invalid user debian [preauth]
May 12 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Failed password for invalid user debian from 170.64.236.179 port 50234 ssh2
May 12 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Connection closed by 170.64.236.179 port 50234 [preauth]
May 12 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: Invalid user git from 170.64.236.179
May 12 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: input_userauth_request: invalid user git [preauth]
May 12 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: Failed password for invalid user git from 170.64.236.179 port 50240 ssh2
May 12 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: Connection closed by 170.64.236.179 port 50240 [preauth]
May 12 20:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Invalid user ansible from 170.64.236.179
May 12 20:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: input_userauth_request: invalid user ansible [preauth]
May 12 20:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Failed password for invalid user ansible from 170.64.236.179 port 50244 ssh2
May 12 20:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Connection closed by 170.64.236.179 port 50244 [preauth]
May 12 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Invalid user niaoyun from 170.64.236.179
May 12 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: input_userauth_request: invalid user niaoyun [preauth]
May 12 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Failed password for invalid user niaoyun from 170.64.236.179 port 54504 ssh2
May 12 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 12 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Connection closed by 170.64.236.179 port 54504 [preauth]
May 12 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Failed password for root from 218.92.0.205 port 54956 ssh2
May 12 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Invalid user pi from 170.64.236.179
May 12 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: input_userauth_request: invalid user pi [preauth]
May 12 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Failed password for invalid user pi from 170.64.236.179 port 54512 ssh2
May 12 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Connection closed by 170.64.236.179 port 54512 [preauth]
May 12 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Failed password for root from 218.92.0.205 port 54956 ssh2
May 12 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: Invalid user developer from 170.64.236.179
May 12 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: input_userauth_request: invalid user developer [preauth]
May 12 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: Failed password for invalid user developer from 170.64.236.179 port 39536 ssh2
May 12 20:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1550]: Connection closed by 170.64.236.179 port 39536 [preauth]
May 12 20:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Invalid user kingbase from 170.64.236.179
May 12 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: input_userauth_request: invalid user kingbase [preauth]
May 12 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session closed for user root
May 12 20:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for invalid user kingbase from 170.64.236.179 port 39548 ssh2
May 12 20:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Connection closed by 170.64.236.179 port 39548 [preauth]
May 12 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Invalid user tom from 170.64.236.179
May 12 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: input_userauth_request: invalid user tom [preauth]
May 12 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Failed password for invalid user tom from 170.64.236.179 port 57498 ssh2
May 12 20:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Connection closed by 170.64.236.179 port 57498 [preauth]
May 12 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Invalid user esroot from 170.64.236.179
May 12 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: input_userauth_request: invalid user esroot [preauth]
May 12 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for invalid user esroot from 170.64.236.179 port 57500 ssh2
May 12 20:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Connection closed by 170.64.236.179 port 57500 [preauth]
May 12 20:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Invalid user testuser from 170.64.236.179
May 12 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: input_userauth_request: invalid user testuser [preauth]
May 12 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Failed password for invalid user testuser from 170.64.236.179 port 54784 ssh2
May 12 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Connection closed by 170.64.236.179 port 54784 [preauth]
May 12 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: Invalid user mehdi from 170.64.236.179
May 12 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: input_userauth_request: invalid user mehdi [preauth]
May 12 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: Failed password for invalid user mehdi from 170.64.236.179 port 54786 ssh2
May 12 20:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1647]: Connection closed by 170.64.236.179 port 54786 [preauth]
May 12 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 170.64.236.179 port 54802 ssh2
May 12 20:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Connection closed by 170.64.236.179 port 54802 [preauth]
May 12 20:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1673]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1675]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session closed for user root
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1670]: pam_unix(cron:session): session closed for user p13x
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: Successful su for rubyman by root
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: + ??? root:rubyman
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381009 of user rubyman.
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: pam_unix(su:session): session closed for user rubyman
May 12 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381009.
May 12 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Failed password for root from 170.64.236.179 port 51202 ssh2
May 12 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Connection closed by 170.64.236.179 port 51202 [preauth]
May 12 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1673]: pam_unix(cron:session): session closed for user root
May 12 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30758]: pam_unix(cron:session): session closed for user root
May 12 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Invalid user debian from 170.64.236.179
May 12 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: input_userauth_request: invalid user debian [preauth]
May 12 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1671]: pam_unix(cron:session): session closed for user samftp
May 12 20:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Failed password for invalid user debian from 170.64.236.179 port 51208 ssh2
May 12 20:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Connection closed by 170.64.236.179 port 51208 [preauth]
May 12 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: Invalid user admin from 170.64.236.179
May 12 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: input_userauth_request: invalid user admin [preauth]
May 12 20:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: Failed password for invalid user admin from 170.64.236.179 port 38740 ssh2
May 12 20:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2084]: Connection closed by 170.64.236.179 port 38740 [preauth]
May 12 20:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Invalid user odoo17 from 170.64.236.179
May 12 20:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: input_userauth_request: invalid user odoo17 [preauth]
May 12 20:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Failed password for invalid user odoo17 from 170.64.236.179 port 38750 ssh2
May 12 20:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Connection closed by 170.64.236.179 port 38750 [preauth]
May 12 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Failed password for root from 170.64.236.179 port 56018 ssh2
May 12 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Connection closed by 170.64.236.179 port 56018 [preauth]
May 12 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Invalid user bigdata from 170.64.236.179
May 12 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: input_userauth_request: invalid user bigdata [preauth]
May 12 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Failed password for invalid user bigdata from 170.64.236.179 port 56034 ssh2
May 12 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Connection closed by 170.64.236.179 port 56034 [preauth]
May 12 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Invalid user minecraft from 170.64.236.179
May 12 20:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: input_userauth_request: invalid user minecraft [preauth]
May 12 20:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Failed password for invalid user minecraft from 170.64.236.179 port 50222 ssh2
May 12 20:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Connection closed by 170.64.236.179 port 50222 [preauth]
May 12 20:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[645]: pam_unix(cron:session): session closed for user root
May 12 20:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Failed password for root from 170.64.236.179 port 50236 ssh2
May 12 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Connection closed by 170.64.236.179 port 50236 [preauth]
May 12 20:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Invalid user postgres from 170.64.236.179
May 12 20:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: input_userauth_request: invalid user postgres [preauth]
May 12 20:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Failed password for invalid user postgres from 170.64.236.179 port 48504 ssh2
May 12 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Connection closed by 170.64.236.179 port 48504 [preauth]
May 12 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Invalid user solr from 170.64.236.179
May 12 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: input_userauth_request: invalid user solr [preauth]
May 12 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Failed password for invalid user solr from 170.64.236.179 port 48516 ssh2
May 12 20:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Connection closed by 170.64.236.179 port 48516 [preauth]
May 12 20:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Invalid user dev from 170.64.236.179
May 12 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: input_userauth_request: invalid user dev [preauth]
May 12 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Failed password for invalid user dev from 170.64.236.179 port 48522 ssh2
May 12 20:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Connection closed by 170.64.236.179 port 48522 [preauth]
May 12 20:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Invalid user postgres from 170.64.236.179
May 12 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: input_userauth_request: invalid user postgres [preauth]
May 12 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for invalid user postgres from 170.64.236.179 port 56504 ssh2
May 12 20:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Connection closed by 170.64.236.179 port 56504 [preauth]
May 12 20:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: User backup from 170.64.236.179 not allowed because not listed in AllowUsers
May 12 20:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: input_userauth_request: invalid user backup [preauth]
May 12 20:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=backup
May 12 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Failed password for invalid user backup from 170.64.236.179 port 56510 ssh2
May 12 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Connection closed by 170.64.236.179 port 56510 [preauth]
May 12 20:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: Invalid user guest from 170.64.236.179
May 12 20:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: input_userauth_request: invalid user guest [preauth]
May 12 20:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2264]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2261]: pam_unix(cron:session): session closed for user p13x
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: Failed password for invalid user guest from 170.64.236.179 port 60438 ssh2
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: Successful su for rubyman by root
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: + ??? root:rubyman
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381012 of user rubyman.
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: pam_unix(su:session): session closed for user rubyman
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381012.
May 12 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: Connection closed by 170.64.236.179 port 60438 [preauth]
May 12 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Invalid user dev from 170.64.236.179
May 12 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: input_userauth_request: invalid user dev [preauth]
May 12 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session closed for user root
May 12 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session closed for user samftp
May 12 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Failed password for invalid user dev from 170.64.236.179 port 60452 ssh2
May 12 20:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Connection closed by 170.64.236.179 port 60452 [preauth]
May 12 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Invalid user lighthouse from 170.64.236.179
May 12 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: input_userauth_request: invalid user lighthouse [preauth]
May 12 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Failed password for invalid user lighthouse from 170.64.236.179 port 57882 ssh2
May 12 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Connection closed by 170.64.236.179 port 57882 [preauth]
May 12 20:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Invalid user dmdba from 170.64.236.179
May 12 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: input_userauth_request: invalid user dmdba [preauth]
May 12 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Failed password for invalid user dmdba from 170.64.236.179 port 57896 ssh2
May 12 20:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Connection closed by 170.64.236.179 port 57896 [preauth]
May 12 20:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Invalid user wso2 from 170.64.236.179
May 12 20:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: input_userauth_request: invalid user wso2 [preauth]
May 12 20:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Failed password for invalid user wso2 from 170.64.236.179 port 59780 ssh2
May 12 20:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Connection closed by 170.64.236.179 port 59780 [preauth]
May 12 20:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Invalid user factorio from 170.64.236.179
May 12 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: input_userauth_request: invalid user factorio [preauth]
May 12 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Failed password for invalid user factorio from 170.64.236.179 port 59794 ssh2
May 12 20:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Connection closed by 170.64.236.179 port 59794 [preauth]
May 12 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: Invalid user odoo from 170.64.236.179
May 12 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: input_userauth_request: invalid user odoo [preauth]
May 12 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: Failed password for invalid user odoo from 170.64.236.179 port 43492 ssh2
May 12 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: Connection closed by 170.64.236.179 port 43492 [preauth]
May 12 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session closed for user root
May 12 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Failed password for root from 170.64.236.179 port 43502 ssh2
May 12 20:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Connection closed by 170.64.236.179 port 43502 [preauth]
May 12 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Invalid user elasticsearch from 170.64.236.179
May 12 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Failed password for invalid user elasticsearch from 170.64.236.179 port 43510 ssh2
May 12 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Connection closed by 170.64.236.179 port 43510 [preauth]
May 12 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Invalid user dolphinscheduler from 170.64.236.179
May 12 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 12 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user dolphinscheduler from 170.64.236.179 port 39182 ssh2
May 12 20:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Connection closed by 170.64.236.179 port 39182 [preauth]
May 12 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Invalid user media from 170.64.236.179
May 12 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: input_userauth_request: invalid user media [preauth]
May 12 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Failed password for invalid user media from 170.64.236.179 port 39184 ssh2
May 12 20:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Connection closed by 170.64.236.179 port 39184 [preauth]
May 12 20:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Invalid user test2 from 170.64.236.179
May 12 20:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: input_userauth_request: invalid user test2 [preauth]
May 12 20:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Failed password for invalid user test2 from 170.64.236.179 port 33414 ssh2
May 12 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Connection closed by 170.64.236.179 port 33414 [preauth]
May 12 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Invalid user user1 from 170.64.236.179
May 12 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: input_userauth_request: invalid user user1 [preauth]
May 12 20:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Failed password for invalid user user1 from 170.64.236.179 port 33420 ssh2
May 12 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Connection closed by 170.64.236.179 port 33420 [preauth]
May 12 20:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Failed password for root from 170.64.236.179 port 47206 ssh2
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Connection closed by 170.64.236.179 port 47206 [preauth]
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2745]: pam_unix(cron:session): session closed for user p13x
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2808]: Successful su for rubyman by root
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2808]: + ??? root:rubyman
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381016 of user rubyman.
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2808]: pam_unix(su:session): session closed for user rubyman
May 12 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381016.
May 12 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Invalid user guest from 170.64.236.179
May 12 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: input_userauth_request: invalid user guest [preauth]
May 12 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session closed for user root
May 12 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Failed password for invalid user guest from 170.64.236.179 port 47218 ssh2
May 12 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Connection closed by 170.64.236.179 port 47218 [preauth]
May 12 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session closed for user samftp
May 12 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Failed password for root from 170.64.236.179 port 45034 ssh2
May 12 20:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Connection closed by 170.64.236.179 port 45034 [preauth]
May 12 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for root from 170.64.236.179 port 45044 ssh2
May 12 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Connection closed by 170.64.236.179 port 45044 [preauth]
May 12 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: Invalid user minecraft from 170.64.236.179
May 12 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: input_userauth_request: invalid user minecraft [preauth]
May 12 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: Failed password for invalid user minecraft from 170.64.236.179 port 54924 ssh2
May 12 20:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: Connection closed by 170.64.236.179 port 54924 [preauth]
May 12 20:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Invalid user pi from 170.64.236.179
May 12 20:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: input_userauth_request: invalid user pi [preauth]
May 12 20:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Failed password for invalid user pi from 170.64.236.179 port 54936 ssh2
May 12 20:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Connection closed by 170.64.236.179 port 54936 [preauth]
May 12 20:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Invalid user gpadmin from 170.64.236.179
May 12 20:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: input_userauth_request: invalid user gpadmin [preauth]
May 12 20:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Failed password for invalid user gpadmin from 170.64.236.179 port 54942 ssh2
May 12 20:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Connection closed by 170.64.236.179 port 54942 [preauth]
May 12 20:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3079]: Failed password for root from 80.94.95.125 port 47986 ssh2
May 12 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3079]: Received disconnect from 80.94.95.125 port 47986:11: Bye [preauth]
May 12 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3079]: Disconnected from 80.94.95.125 port 47986 [preauth]
May 12 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Failed password for root from 170.64.236.179 port 57424 ssh2
May 12 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Connection closed by 170.64.236.179 port 57424 [preauth]
May 12 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1676]: pam_unix(cron:session): session closed for user root
May 12 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: Invalid user wang from 170.64.236.179
May 12 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: input_userauth_request: invalid user wang [preauth]
May 12 20:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: Failed password for invalid user wang from 170.64.236.179 port 57440 ssh2
May 12 20:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: Connection closed by 170.64.236.179 port 57440 [preauth]
May 12 20:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Failed password for root from 170.64.236.179 port 57400 ssh2
May 12 20:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Connection closed by 170.64.236.179 port 57400 [preauth]
May 12 20:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Failed password for root from 170.64.236.179 port 57402 ssh2
May 12 20:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Connection closed by 170.64.236.179 port 57402 [preauth]
May 12 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Invalid user sadmin from 170.64.236.179
May 12 20:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: input_userauth_request: invalid user sadmin [preauth]
May 12 20:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user sadmin from 170.64.236.179 port 49708 ssh2
May 12 20:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Connection closed by 170.64.236.179 port 49708 [preauth]
May 12 20:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Failed password for root from 170.64.236.179 port 49716 ssh2
May 12 20:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Connection closed by 170.64.236.179 port 49716 [preauth]
May 12 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Invalid user elastic from 170.64.236.179
May 12 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: input_userauth_request: invalid user elastic [preauth]
May 12 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Failed password for invalid user elastic from 170.64.236.179 port 46064 ssh2
May 12 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Connection closed by 170.64.236.179 port 46064 [preauth]
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session closed for user p13x
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3254]: Successful su for rubyman by root
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3254]: + ??? root:rubyman
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381020 of user rubyman.
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3254]: pam_unix(su:session): session closed for user rubyman
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381020.
May 12 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Invalid user tomcat from 170.64.236.179
May 12 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: input_userauth_request: invalid user tomcat [preauth]
May 12 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32483]: pam_unix(cron:session): session closed for user root
May 12 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Failed password for invalid user tomcat from 170.64.236.179 port 46074 ssh2
May 12 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Connection closed by 170.64.236.179 port 46074 [preauth]
May 12 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session closed for user samftp
May 12 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: Invalid user steam from 170.64.236.179
May 12 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: input_userauth_request: invalid user steam [preauth]
May 12 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: Failed password for invalid user steam from 170.64.236.179 port 60030 ssh2
May 12 20:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3467]: Connection closed by 170.64.236.179 port 60030 [preauth]
May 12 20:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Invalid user gitlab from 170.64.236.179
May 12 20:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: input_userauth_request: invalid user gitlab [preauth]
May 12 20:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Failed password for invalid user gitlab from 170.64.236.179 port 60048 ssh2
May 12 20:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Connection closed by 170.64.236.179 port 60048 [preauth]
May 12 20:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Failed password for root from 170.64.236.179 port 60074 ssh2
May 12 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Connection closed by 170.64.236.179 port 60074 [preauth]
May 12 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Invalid user bot from 170.64.236.179
May 12 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: input_userauth_request: invalid user bot [preauth]
May 12 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Failed password for invalid user bot from 170.64.236.179 port 55944 ssh2
May 12 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Connection closed by 170.64.236.179 port 55944 [preauth]
May 12 20:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Failed password for root from 170.64.236.179 port 55956 ssh2
May 12 20:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Connection closed by 170.64.236.179 port 55956 [preauth]
May 12 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: Invalid user lighthouse from 170.64.236.179
May 12 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: input_userauth_request: invalid user lighthouse [preauth]
May 12 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: Failed password for invalid user lighthouse from 170.64.236.179 port 50116 ssh2
May 12 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3546]: Connection closed by 170.64.236.179 port 50116 [preauth]
May 12 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2264]: pam_unix(cron:session): session closed for user root
May 12 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Invalid user flink from 170.64.236.179
May 12 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: input_userauth_request: invalid user flink [preauth]
May 12 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Failed password for invalid user flink from 170.64.236.179 port 50120 ssh2
May 12 20:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Connection closed by 170.64.236.179 port 50120 [preauth]
May 12 20:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Failed password for root from 170.64.236.179 port 41074 ssh2
May 12 20:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Connection closed by 170.64.236.179 port 41074 [preauth]
May 12 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Failed password for root from 170.64.236.179 port 41076 ssh2
May 12 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Connection closed by 170.64.236.179 port 41076 [preauth]
May 12 20:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Invalid user jenkins from 170.64.236.179
May 12 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: input_userauth_request: invalid user jenkins [preauth]
May 12 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Failed password for invalid user jenkins from 170.64.236.179 port 44950 ssh2
May 12 20:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Connection closed by 170.64.236.179 port 44950 [preauth]
May 12 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: User mysql from 170.64.236.179 not allowed because not listed in AllowUsers
May 12 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: input_userauth_request: invalid user mysql [preauth]
May 12 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=mysql
May 12 20:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Failed password for invalid user mysql from 170.64.236.179 port 44966 ssh2
May 12 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Connection closed by 170.64.236.179 port 44966 [preauth]
May 12 20:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Invalid user kubernetes from 170.64.236.179
May 12 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: input_userauth_request: invalid user kubernetes [preauth]
May 12 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Failed password for invalid user kubernetes from 170.64.236.179 port 36134 ssh2
May 12 20:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Connection closed by 170.64.236.179 port 36134 [preauth]
May 12 20:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3681]: pam_unix(cron:session): session closed for user p13x
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: Successful su for rubyman by root
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: + ??? root:rubyman
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381024 of user rubyman.
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: pam_unix(su:session): session closed for user rubyman
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381024.
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Invalid user user2 from 170.64.236.179
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: input_userauth_request: invalid user user2 [preauth]
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Invalid user 12345678 from 193.32.162.157
May 12 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: input_userauth_request: invalid user 12345678 [preauth]
May 12 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Failed password for invalid user user2 from 170.64.236.179 port 36144 ssh2
May 12 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Connection closed by 170.64.236.179 port 36144 [preauth]
May 12 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session closed for user root
May 12 20:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Failed password for invalid user 12345678 from 193.32.162.157 port 17206 ssh2
May 12 20:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Invalid user hive from 170.64.236.179
May 12 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: input_userauth_request: invalid user hive [preauth]
May 12 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session closed for user samftp
May 12 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Connection closed by 193.32.162.157 port 17206 [preauth]
May 12 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Failed password for invalid user hive from 170.64.236.179 port 36160 ssh2
May 12 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Connection closed by 170.64.236.179 port 36160 [preauth]
May 12 20:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Invalid user apache from 170.64.236.179
May 12 20:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: input_userauth_request: invalid user apache [preauth]
May 12 20:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Failed password for invalid user apache from 170.64.236.179 port 40064 ssh2
May 12 20:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Connection closed by 170.64.236.179 port 40064 [preauth]
May 12 20:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Invalid user rancher from 170.64.236.179
May 12 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: input_userauth_request: invalid user rancher [preauth]
May 12 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Failed password for invalid user rancher from 170.64.236.179 port 40072 ssh2
May 12 20:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Connection closed by 170.64.236.179 port 40072 [preauth]
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: Invalid user adm from 193.32.162.157
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: input_userauth_request: invalid user adm [preauth]
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Invalid user sonar from 170.64.236.179
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: input_userauth_request: invalid user sonar [preauth]
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: Failed password for invalid user adm from 193.32.162.157 port 11906 ssh2
May 12 20:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Failed password for invalid user sonar from 170.64.236.179 port 44006 ssh2
May 12 20:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Connection closed by 170.64.236.179 port 44006 [preauth]
May 12 20:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: Connection closed by 193.32.162.157 port 11906 [preauth]
May 12 20:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Invalid user opc from 170.64.236.179
May 12 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: input_userauth_request: invalid user opc [preauth]
May 12 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Failed password for invalid user opc from 170.64.236.179 port 44018 ssh2
May 12 20:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Connection closed by 170.64.236.179 port 44018 [preauth]
May 12 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Failed password for root from 170.64.236.179 port 39060 ssh2
May 12 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Connection closed by 170.64.236.179 port 39060 [preauth]
May 12 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Invalid user admin from 170.64.236.179
May 12 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: input_userauth_request: invalid user admin [preauth]
May 12 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session closed for user root
May 12 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: Invalid user 123456 from 193.32.162.157
May 12 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: input_userauth_request: invalid user 123456 [preauth]
May 12 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 20:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Failed password for invalid user admin from 170.64.236.179 port 39064 ssh2
May 12 20:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Connection closed by 170.64.236.179 port 39064 [preauth]
May 12 20:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: Failed password for invalid user 123456 from 193.32.162.157 port 11606 ssh2
May 12 20:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4021]: Connection closed by 193.32.162.157 port 11606 [preauth]
May 12 20:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Failed password for root from 170.64.236.179 port 33636 ssh2
May 12 20:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Connection closed by 170.64.236.179 port 33636 [preauth]
May 12 20:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Invalid user server from 170.64.236.179
May 12 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: input_userauth_request: invalid user server [preauth]
May 12 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Failed password for invalid user server from 170.64.236.179 port 33646 ssh2
May 12 20:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Connection closed by 170.64.236.179 port 33646 [preauth]
May 12 20:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Failed password for root from 170.64.236.179 port 41204 ssh2
May 12 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Connection closed by 170.64.236.179 port 41204 [preauth]
May 12 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Invalid user adm from 193.32.162.157
May 12 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: input_userauth_request: invalid user adm [preauth]
May 12 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 20:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Failed password for invalid user adm from 193.32.162.157 port 40548 ssh2
May 12 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Invalid user ts from 170.64.236.179
May 12 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: input_userauth_request: invalid user ts [preauth]
May 12 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user ts from 170.64.236.179 port 41208 ssh2
May 12 20:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Connection closed by 170.64.236.179 port 41208 [preauth]
May 12 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Connection closed by 193.32.162.157 port 40548 [preauth]
May 12 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for root from 170.64.236.179 port 41218 ssh2
May 12 20:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Connection closed by 170.64.236.179 port 41218 [preauth]
May 12 20:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Invalid user www from 170.64.236.179
May 12 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: input_userauth_request: invalid user www [preauth]
May 12 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4166]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session closed for user root
May 12 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session closed for user p13x
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: Successful su for rubyman by root
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: + ??? root:rubyman
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381030 of user rubyman.
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: pam_unix(su:session): session closed for user rubyman
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381030.
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Failed password for invalid user www from 170.64.236.179 port 44034 ssh2
May 12 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Connection closed by 170.64.236.179 port 44034 [preauth]
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user root
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session closed for user root
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Invalid user kingbase from 170.64.236.179
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: input_userauth_request: invalid user kingbase [preauth]
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Invalid user 1234 from 193.32.162.157
May 12 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: input_userauth_request: invalid user 1234 [preauth]
May 12 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Failed password for invalid user kingbase from 170.64.236.179 port 44036 ssh2
May 12 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Connection closed by 170.64.236.179 port 44036 [preauth]
May 12 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Failed password for invalid user 1234 from 193.32.162.157 port 46860 ssh2
May 12 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session closed for user samftp
May 12 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Connection closed by 193.32.162.157 port 46860 [preauth]
May 12 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: Failed password for root from 170.64.236.179 port 38162 ssh2
May 12 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: Connection closed by 170.64.236.179 port 38162 [preauth]
May 12 20:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Invalid user es from 170.64.236.179
May 12 20:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: input_userauth_request: invalid user es [preauth]
May 12 20:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Failed password for invalid user es from 170.64.236.179 port 38174 ssh2
May 12 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Connection closed by 170.64.236.179 port 38174 [preauth]
May 12 20:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Invalid user guest from 170.64.236.179
May 12 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: input_userauth_request: invalid user guest [preauth]
May 12 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Failed password for invalid user guest from 170.64.236.179 port 49536 ssh2
May 12 20:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Connection closed by 170.64.236.179 port 49536 [preauth]
May 12 20:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Invalid user user from 170.64.236.179
May 12 20:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: input_userauth_request: invalid user user [preauth]
May 12 20:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Failed password for invalid user user from 170.64.236.179 port 49546 ssh2
May 12 20:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Connection closed by 170.64.236.179 port 49546 [preauth]
May 12 20:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: Invalid user ec2-user from 170.64.236.179
May 12 20:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: input_userauth_request: invalid user ec2-user [preauth]
May 12 20:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: Failed password for invalid user ec2-user from 170.64.236.179 port 57084 ssh2
May 12 20:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: Connection closed by 170.64.236.179 port 57084 [preauth]
May 12 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: Invalid user observer from 170.64.236.179
May 12 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: input_userauth_request: invalid user observer [preauth]
May 12 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user root
May 12 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: Failed password for invalid user observer from 170.64.236.179 port 57106 ssh2
May 12 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: Connection closed by 170.64.236.179 port 57106 [preauth]
May 12 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Invalid user minecraft from 170.64.236.179
May 12 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: input_userauth_request: invalid user minecraft [preauth]
May 12 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Failed password for invalid user minecraft from 170.64.236.179 port 53802 ssh2
May 12 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Connection closed by 170.64.236.179 port 53802 [preauth]
May 12 20:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: Failed password for root from 170.64.236.179 port 53818 ssh2
May 12 20:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: Connection closed by 170.64.236.179 port 53818 [preauth]
May 12 20:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: Invalid user nginx from 170.64.236.179
May 12 20:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: input_userauth_request: invalid user nginx [preauth]
May 12 20:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: Failed password for invalid user nginx from 170.64.236.179 port 53824 ssh2
May 12 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4748]: Connection closed by 170.64.236.179 port 53824 [preauth]
May 12 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: Invalid user dmdba from 170.64.236.179
May 12 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: input_userauth_request: invalid user dmdba [preauth]
May 12 20:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: Failed password for invalid user dmdba from 170.64.236.179 port 48128 ssh2
May 12 20:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: Connection closed by 170.64.236.179 port 48128 [preauth]
May 12 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May 12 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Failed password for root from 170.64.236.179 port 48150 ssh2
May 12 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Connection closed by 170.64.236.179 port 48150 [preauth]
May 12 20:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Failed password for root from 45.6.188.43 port 44584 ssh2
May 12 20:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Connection closed by 45.6.188.43 port 44584 [preauth]
May 12 20:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Invalid user user from 170.64.236.179
May 12 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: input_userauth_request: invalid user user [preauth]
May 12 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for invalid user user from 170.64.236.179 port 47676 ssh2
May 12 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Connection closed by 170.64.236.179 port 47676 [preauth]
May 12 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4796]: pam_unix(cron:session): session closed for user p13x
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4876]: Successful su for rubyman by root
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4876]: + ??? root:rubyman
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381036 of user rubyman.
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4876]: pam_unix(su:session): session closed for user rubyman
May 12 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381036.
May 12 20:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: Invalid user esuser from 170.64.236.179
May 12 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: input_userauth_request: invalid user esuser [preauth]
May 12 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1675]: pam_unix(cron:session): session closed for user root
May 12 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: Failed password for invalid user esuser from 170.64.236.179 port 47684 ssh2
May 12 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4797]: pam_unix(cron:session): session closed for user samftp
May 12 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4954]: Connection closed by 170.64.236.179 port 47684 [preauth]
May 12 20:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: Invalid user g from 170.64.236.179
May 12 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: input_userauth_request: invalid user g [preauth]
May 12 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: Failed password for invalid user g from 170.64.236.179 port 34836 ssh2
May 12 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: Connection closed by 170.64.236.179 port 34836 [preauth]
May 12 20:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Failed password for root from 170.64.236.179 port 34844 ssh2
May 12 20:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Connection closed by 170.64.236.179 port 34844 [preauth]
May 12 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: Invalid user mongo from 170.64.236.179
May 12 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: input_userauth_request: invalid user mongo [preauth]
May 12 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: Failed password for invalid user mongo from 170.64.236.179 port 48652 ssh2
May 12 20:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5299]: Connection closed by 170.64.236.179 port 48652 [preauth]
May 12 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: Invalid user ubnt from 170.64.236.179
May 12 20:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: input_userauth_request: invalid user ubnt [preauth]
May 12 20:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: Failed password for invalid user ubnt from 170.64.236.179 port 48676 ssh2
May 12 20:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: Connection closed by 170.64.236.179 port 48676 [preauth]
May 12 20:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: Invalid user uftp from 170.64.236.179
May 12 20:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: input_userauth_request: invalid user uftp [preauth]
May 12 20:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: Failed password for invalid user uftp from 170.64.236.179 port 33430 ssh2
May 12 20:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5326]: Connection closed by 170.64.236.179 port 33430 [preauth]
May 12 20:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Invalid user dspace from 170.64.236.179
May 12 20:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: input_userauth_request: invalid user dspace [preauth]
May 12 20:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session closed for user root
May 12 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Failed password for invalid user dspace from 170.64.236.179 port 33444 ssh2
May 12 20:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Connection closed by 170.64.236.179 port 33444 [preauth]
May 12 20:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5367]: Failed password for root from 170.64.236.179 port 33446 ssh2
May 12 20:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5367]: Connection closed by 170.64.236.179 port 33446 [preauth]
May 12 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: Failed password for root from 170.64.236.179 port 55856 ssh2
May 12 20:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: Connection closed by 170.64.236.179 port 55856 [preauth]
May 12 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: User ftp from 170.64.236.179 not allowed because not listed in AllowUsers
May 12 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: input_userauth_request: invalid user ftp [preauth]
May 12 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=ftp
May 12 20:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user ftp from 170.64.236.179 port 55862 ssh2
May 12 20:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Connection closed by 170.64.236.179 port 55862 [preauth]
May 12 20:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Failed password for root from 170.64.236.179 port 42742 ssh2
May 12 20:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Connection closed by 170.64.236.179 port 42742 [preauth]
May 12 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: Failed password for root from 170.64.236.179 port 42752 ssh2
May 12 20:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: Connection closed by 170.64.236.179 port 42752 [preauth]
May 12 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: Invalid user hadoop from 170.64.236.179
May 12 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: input_userauth_request: invalid user hadoop [preauth]
May 12 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: Failed password for invalid user hadoop from 170.64.236.179 port 34534 ssh2
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: Connection closed by 170.64.236.179 port 34534 [preauth]
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5448]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user p13x
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: Successful su for rubyman by root
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: + ??? root:rubyman
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381038 of user rubyman.
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session closed for user rubyman
May 12 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381038.
May 12 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: User proxy from 170.64.236.179 not allowed because not listed in AllowUsers
May 12 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: input_userauth_request: invalid user proxy [preauth]
May 12 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=proxy
May 12 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session closed for user root
May 12 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Failed password for invalid user proxy from 170.64.236.179 port 34548 ssh2
May 12 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Connection closed by 170.64.236.179 port 34548 [preauth]
May 12 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session closed for user samftp
May 12 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Invalid user user1 from 170.64.236.179
May 12 20:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: input_userauth_request: invalid user user1 [preauth]
May 12 20:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Failed password for invalid user user1 from 170.64.236.179 port 53812 ssh2
May 12 20:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Connection closed by 170.64.236.179 port 53812 [preauth]
May 12 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Invalid user postgres from 170.64.236.179
May 12 20:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: input_userauth_request: invalid user postgres [preauth]
May 12 20:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Failed password for invalid user postgres from 170.64.236.179 port 53828 ssh2
May 12 20:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Connection closed by 170.64.236.179 port 53828 [preauth]
May 12 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Invalid user deploy from 170.64.236.179
May 12 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: input_userauth_request: invalid user deploy [preauth]
May 12 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Failed password for invalid user deploy from 170.64.236.179 port 47364 ssh2
May 12 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Connection closed by 170.64.236.179 port 47364 [preauth]
May 12 20:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Invalid user tools from 170.64.236.179
May 12 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: input_userauth_request: invalid user tools [preauth]
May 12 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Failed password for invalid user tools from 170.64.236.179 port 47374 ssh2
May 12 20:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Connection closed by 170.64.236.179 port 47374 [preauth]
May 12 20:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: Invalid user vagrant from 170.64.236.179
May 12 20:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: input_userauth_request: invalid user vagrant [preauth]
May 12 20:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: Failed password for invalid user vagrant from 170.64.236.179 port 47376 ssh2
May 12 20:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: Connection closed by 170.64.236.179 port 47376 [preauth]
May 12 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Invalid user samba from 170.64.236.179
May 12 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: input_userauth_request: invalid user samba [preauth]
May 12 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Failed password for invalid user samba from 170.64.236.179 port 35926 ssh2
May 12 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Connection closed by 170.64.236.179 port 35926 [preauth]
May 12 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4166]: pam_unix(cron:session): session closed for user root
May 12 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Invalid user postgres from 170.64.236.179
May 12 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: input_userauth_request: invalid user postgres [preauth]
May 12 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for invalid user postgres from 170.64.236.179 port 35928 ssh2
May 12 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Connection closed by 170.64.236.179 port 35928 [preauth]
May 12 20:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Invalid user plex from 170.64.236.179
May 12 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: input_userauth_request: invalid user plex [preauth]
May 12 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Failed password for invalid user plex from 170.64.236.179 port 59756 ssh2
May 12 20:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Connection closed by 170.64.236.179 port 59756 [preauth]
May 12 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Invalid user administrator from 170.64.236.179
May 12 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: input_userauth_request: invalid user administrator [preauth]
May 12 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Failed password for invalid user administrator from 170.64.236.179 port 59768 ssh2
May 12 20:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Connection closed by 170.64.236.179 port 59768 [preauth]
May 12 20:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Invalid user testuser from 170.64.236.179
May 12 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: input_userauth_request: invalid user testuser [preauth]
May 12 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Failed password for invalid user testuser from 170.64.236.179 port 44748 ssh2
May 12 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Connection closed by 170.64.236.179 port 44748 [preauth]
May 12 20:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: Invalid user stream from 170.64.236.179
May 12 20:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: input_userauth_request: invalid user stream [preauth]
May 12 20:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: Failed password for invalid user stream from 170.64.236.179 port 44752 ssh2
May 12 20:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: Connection closed by 170.64.236.179 port 44752 [preauth]
May 12 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Invalid user nginx from 170.64.236.179
May 12 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: input_userauth_request: invalid user nginx [preauth]
May 12 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for invalid user nginx from 170.64.236.179 port 35512 ssh2
May 12 20:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Connection closed by 170.64.236.179 port 35512 [preauth]
May 12 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session closed for user p13x
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Invalid user data from 170.64.236.179
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: input_userauth_request: invalid user data [preauth]
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: Successful su for rubyman by root
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: + ??? root:rubyman
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381043 of user rubyman.
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: pam_unix(su:session): session closed for user rubyman
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381043.
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user root
May 12 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Failed password for invalid user data from 170.64.236.179 port 35514 ssh2
May 12 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Connection closed by 170.64.236.179 port 35514 [preauth]
May 12 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session closed for user samftp
May 12 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Failed password for root from 170.64.236.179 port 52096 ssh2
May 12 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Connection closed by 170.64.236.179 port 52096 [preauth]
May 12 20:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: Invalid user deployer from 170.64.236.179
May 12 20:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: input_userauth_request: invalid user deployer [preauth]
May 12 20:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: Failed password for invalid user deployer from 170.64.236.179 port 52112 ssh2
May 12 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6298]: Connection closed by 170.64.236.179 port 52112 [preauth]
May 12 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Invalid user jms from 170.64.236.179
May 12 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: input_userauth_request: invalid user jms [preauth]
May 12 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Failed password for invalid user jms from 170.64.236.179 port 52132 ssh2
May 12 20:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Connection closed by 170.64.236.179 port 52132 [preauth]
May 12 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Invalid user ftpuser from 170.64.236.179
May 12 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: input_userauth_request: invalid user ftpuser [preauth]
May 12 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Failed password for invalid user ftpuser from 170.64.236.179 port 42062 ssh2
May 12 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Connection closed by 170.64.236.179 port 42062 [preauth]
May 12 20:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Invalid user developer from 170.64.236.179
May 12 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: input_userauth_request: invalid user developer [preauth]
May 12 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Failed password for invalid user developer from 170.64.236.179 port 42090 ssh2
May 12 20:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Connection closed by 170.64.236.179 port 42090 [preauth]
May 12 20:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Failed password for root from 170.64.236.179 port 47818 ssh2
May 12 20:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Connection closed by 170.64.236.179 port 47818 [preauth]
May 12 20:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session closed for user root
May 12 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: Failed password for root from 170.64.236.179 port 47828 ssh2
May 12 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: Connection closed by 170.64.236.179 port 47828 [preauth]
May 12 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Invalid user user from 170.64.236.179
May 12 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: input_userauth_request: invalid user user [preauth]
May 12 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user user from 170.64.236.179 port 47428 ssh2
May 12 20:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Connection closed by 170.64.236.179 port 47428 [preauth]
May 12 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Invalid user hadoop from 170.64.236.179
May 12 20:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: input_userauth_request: invalid user hadoop [preauth]
May 12 20:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Failed password for invalid user hadoop from 170.64.236.179 port 47432 ssh2
May 12 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Connection closed by 170.64.236.179 port 47432 [preauth]
May 12 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Invalid user hadoop from 170.64.236.179
May 12 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: input_userauth_request: invalid user hadoop [preauth]
May 12 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Failed password for invalid user hadoop from 170.64.236.179 port 47172 ssh2
May 12 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Connection closed by 170.64.236.179 port 47172 [preauth]
May 12 20:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Invalid user apache from 170.64.236.179
May 12 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: input_userauth_request: invalid user apache [preauth]
May 12 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Failed password for invalid user apache from 170.64.236.179 port 47188 ssh2
May 12 20:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Connection closed by 170.64.236.179 port 47188 [preauth]
May 12 20:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Invalid user opc from 170.64.236.179
May 12 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: input_userauth_request: invalid user opc [preauth]
May 12 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for invalid user opc from 170.64.236.179 port 47194 ssh2
May 12 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Connection closed by 170.64.236.179 port 47194 [preauth]
May 12 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Invalid user user from 170.64.236.179
May 12 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: input_userauth_request: invalid user user [preauth]
May 12 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session closed for user p13x
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6529]: Successful su for rubyman by root
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6529]: + ??? root:rubyman
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381046 of user rubyman.
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6529]: pam_unix(su:session): session closed for user rubyman
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381046.
May 12 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for invalid user user from 170.64.236.179 port 40084 ssh2
May 12 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Connection closed by 170.64.236.179 port 40084 [preauth]
May 12 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session closed for user root
May 12 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: Invalid user openvpn from 170.64.236.179
May 12 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: input_userauth_request: invalid user openvpn [preauth]
May 12 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6467]: pam_unix(cron:session): session closed for user samftp
May 12 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: Failed password for invalid user openvpn from 170.64.236.179 port 40098 ssh2
May 12 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: Connection closed by 170.64.236.179 port 40098 [preauth]
May 12 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Invalid user test from 170.64.236.179
May 12 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: input_userauth_request: invalid user test [preauth]
May 12 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Failed password for invalid user test from 170.64.236.179 port 34862 ssh2
May 12 20:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Connection closed by 170.64.236.179 port 34862 [preauth]
May 12 20:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Invalid user es from 170.64.236.179
May 12 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: input_userauth_request: invalid user es [preauth]
May 12 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Failed password for invalid user es from 170.64.236.179 port 34872 ssh2
May 12 20:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Connection closed by 170.64.236.179 port 34872 [preauth]
May 12 20:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Invalid user gpuadmin from 170.64.236.179
May 12 20:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: input_userauth_request: invalid user gpuadmin [preauth]
May 12 20:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Failed password for invalid user gpuadmin from 170.64.236.179 port 48528 ssh2
May 12 20:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Connection closed by 170.64.236.179 port 48528 [preauth]
May 12 20:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Invalid user es from 170.64.236.179
May 12 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: input_userauth_request: invalid user es [preauth]
May 12 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Failed password for invalid user es from 170.64.236.179 port 48536 ssh2
May 12 20:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Connection closed by 170.64.236.179 port 48536 [preauth]
May 12 20:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Failed password for root from 170.64.236.179 port 39232 ssh2
May 12 20:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Connection closed by 170.64.236.179 port 39232 [preauth]
May 12 20:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5448]: pam_unix(cron:session): session closed for user root
May 12 20:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Failed password for root from 170.64.236.179 port 39240 ssh2
May 12 20:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Connection closed by 170.64.236.179 port 39240 [preauth]
May 12 20:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Invalid user git from 170.64.236.179
May 12 20:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: input_userauth_request: invalid user git [preauth]
May 12 20:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for invalid user git from 170.64.236.179 port 36400 ssh2
May 12 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Connection closed by 170.64.236.179 port 36400 [preauth]
May 12 20:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Invalid user test from 170.64.236.179
May 12 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: input_userauth_request: invalid user test [preauth]
May 12 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Failed password for invalid user test from 170.64.236.179 port 36434 ssh2
May 12 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Connection closed by 170.64.236.179 port 36434 [preauth]
May 12 20:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Invalid user oracle from 170.64.236.179
May 12 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: input_userauth_request: invalid user oracle [preauth]
May 12 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Failed password for invalid user oracle from 170.64.236.179 port 36472 ssh2
May 12 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Connection closed by 170.64.236.179 port 36472 [preauth]
May 12 20:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Invalid user postgres from 170.64.236.179
May 12 20:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: input_userauth_request: invalid user postgres [preauth]
May 12 20:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Failed password for invalid user postgres from 170.64.236.179 port 49830 ssh2
May 12 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Connection closed by 170.64.236.179 port 49830 [preauth]
May 12 20:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Failed password for root from 170.64.236.179 port 49866 ssh2
May 12 20:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Connection closed by 170.64.236.179 port 49866 [preauth]
May 12 20:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Invalid user deploy from 170.64.236.179
May 12 20:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: input_userauth_request: invalid user deploy [preauth]
May 12 20:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Failed password for invalid user deploy from 170.64.236.179 port 60502 ssh2
May 12 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Connection closed by 170.64.236.179 port 60502 [preauth]
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session closed for user root
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6902]: pam_unix(cron:session): session closed for user p13x
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7072]: Successful su for rubyman by root
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7072]: + ??? root:rubyman
May 12 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381050 of user rubyman.
May 12 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7072]: pam_unix(su:session): session closed for user rubyman
May 12 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381050.
May 12 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Invalid user debian from 170.64.236.179
May 12 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: input_userauth_request: invalid user debian [preauth]
May 12 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session closed for user root
May 12 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session closed for user root
May 12 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed password for invalid user debian from 170.64.236.179 port 60514 ssh2
May 12 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Connection closed by 170.64.236.179 port 60514 [preauth]
May 12 20:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6903]: pam_unix(cron:session): session closed for user samftp
May 12 20:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Failed password for root from 170.64.236.179 port 58988 ssh2
May 12 20:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Connection closed by 170.64.236.179 port 58988 [preauth]
May 12 20:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user centos from 170.64.236.179
May 12 20:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user centos [preauth]
May 12 20:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Invalid user eacadm from 107.189.29.175
May 12 20:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: input_userauth_request: invalid user eacadm [preauth]
May 12 20:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May 12 20:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user centos from 170.64.236.179 port 59002 ssh2
May 12 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Connection closed by 170.64.236.179 port 59002 [preauth]
May 12 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for invalid user eacadm from 107.189.29.175 port 39916 ssh2
May 12 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Received disconnect from 107.189.29.175 port 39916:11: Bye Bye [preauth]
May 12 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Disconnected from 107.189.29.175 port 39916 [preauth]
May 12 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Invalid user user2 from 170.64.236.179
May 12 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: input_userauth_request: invalid user user2 [preauth]
May 12 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Failed password for invalid user user2 from 170.64.236.179 port 51574 ssh2
May 12 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Connection closed by 170.64.236.179 port 51574 [preauth]
May 12 20:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Invalid user ubuntu from 170.64.236.179
May 12 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: input_userauth_request: invalid user ubuntu [preauth]
May 12 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for invalid user ubuntu from 170.64.236.179 port 51578 ssh2
May 12 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Connection closed by 170.64.236.179 port 51578 [preauth]
May 12 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Invalid user demo from 170.64.236.179
May 12 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: input_userauth_request: invalid user demo [preauth]
May 12 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Failed password for invalid user demo from 170.64.236.179 port 51586 ssh2
May 12 20:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Connection closed by 170.64.236.179 port 51586 [preauth]
May 12 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: Invalid user jumpserver from 170.64.236.179
May 12 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: input_userauth_request: invalid user jumpserver [preauth]
May 12 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: Failed password for invalid user jumpserver from 170.64.236.179 port 52538 ssh2
May 12 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: Connection closed by 170.64.236.179 port 52538 [preauth]
May 12 20:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user root
May 12 20:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Invalid user oracle from 170.64.236.179
May 12 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: input_userauth_request: invalid user oracle [preauth]
May 12 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Failed password for invalid user oracle from 170.64.236.179 port 52552 ssh2
May 12 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Connection closed by 170.64.236.179 port 52552 [preauth]
May 12 20:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Invalid user ftpuser from 170.64.236.179
May 12 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: input_userauth_request: invalid user ftpuser [preauth]
May 12 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Failed password for invalid user ftpuser from 170.64.236.179 port 55318 ssh2
May 12 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Connection closed by 170.64.236.179 port 55318 [preauth]
May 12 20:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Invalid user nexus from 170.64.236.179
May 12 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: input_userauth_request: invalid user nexus [preauth]
May 12 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Failed password for invalid user nexus from 170.64.236.179 port 55326 ssh2
May 12 20:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Connection closed by 170.64.236.179 port 55326 [preauth]
May 12 20:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: Failed password for root from 170.64.236.179 port 34168 ssh2
May 12 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: Connection closed by 170.64.236.179 port 34168 [preauth]
May 12 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for root from 170.64.236.179 port 34176 ssh2
May 12 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Connection closed by 170.64.236.179 port 34176 [preauth]
May 12 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Invalid user admin from 170.64.236.179
May 12 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: input_userauth_request: invalid user admin [preauth]
May 12 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Failed password for invalid user admin from 170.64.236.179 port 35808 ssh2
May 12 20:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Connection closed by 170.64.236.179 port 35808 [preauth]
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7486]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session closed for user p13x
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7657]: Successful su for rubyman by root
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7657]: + ??? root:rubyman
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381058 of user rubyman.
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7657]: pam_unix(su:session): session closed for user rubyman
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381058.
May 12 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Invalid user nvidia from 170.64.236.179
May 12 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: input_userauth_request: invalid user nvidia [preauth]
May 12 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Failed password for invalid user nvidia from 170.64.236.179 port 35818 ssh2
May 12 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Connection closed by 170.64.236.179 port 35818 [preauth]
May 12 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session closed for user root
May 12 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session closed for user samftp
May 12 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Invalid user elastic from 170.64.236.179
May 12 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: input_userauth_request: invalid user elastic [preauth]
May 12 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Failed password for invalid user elastic from 170.64.236.179 port 36702 ssh2
May 12 20:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Connection closed by 170.64.236.179 port 36702 [preauth]
May 12 20:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Invalid user lsfadmin from 170.64.236.179
May 12 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: input_userauth_request: invalid user lsfadmin [preauth]
May 12 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Failed password for invalid user lsfadmin from 170.64.236.179 port 36706 ssh2
May 12 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Connection closed by 170.64.236.179 port 36706 [preauth]
May 12 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Invalid user ranger from 170.64.236.179
May 12 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: input_userauth_request: invalid user ranger [preauth]
May 12 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Failed password for invalid user ranger from 170.64.236.179 port 36710 ssh2
May 12 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Connection closed by 170.64.236.179 port 36710 [preauth]
May 12 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: Invalid user www from 170.64.236.179
May 12 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: input_userauth_request: invalid user www [preauth]
May 12 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: Failed password for invalid user www from 170.64.236.179 port 38216 ssh2
May 12 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7903]: Connection closed by 170.64.236.179 port 38216 [preauth]
May 12 20:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Invalid user yealink from 170.64.236.179
May 12 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: input_userauth_request: invalid user yealink [preauth]
May 12 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Failed password for invalid user yealink from 170.64.236.179 port 38222 ssh2
May 12 20:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Connection closed by 170.64.236.179 port 38222 [preauth]
May 12 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7938]: User ftp from 170.64.236.179 not allowed because not listed in AllowUsers
May 12 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7938]: input_userauth_request: invalid user ftp [preauth]
May 12 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=ftp
May 12 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7938]: Failed password for invalid user ftp from 170.64.236.179 port 43156 ssh2
May 12 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7938]: Connection closed by 170.64.236.179 port 43156 [preauth]
May 12 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Invalid user elasticsearch from 170.64.236.179
May 12 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: input_userauth_request: invalid user elasticsearch [preauth]
May 12 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session closed for user root
May 12 20:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Failed password for invalid user elasticsearch from 170.64.236.179 port 43168 ssh2
May 12 20:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Connection closed by 170.64.236.179 port 43168 [preauth]
May 12 20:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: Failed password for root from 170.64.236.179 port 56440 ssh2
May 12 20:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: Connection closed by 170.64.236.179 port 56440 [preauth]
May 12 20:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Invalid user app from 170.64.236.179
May 12 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: input_userauth_request: invalid user app [preauth]
May 12 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Failed password for invalid user app from 170.64.236.179 port 56450 ssh2
May 12 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Connection closed by 170.64.236.179 port 56450 [preauth]
May 12 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Invalid user steam from 170.64.236.179
May 12 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: input_userauth_request: invalid user steam [preauth]
May 12 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Failed password for invalid user steam from 170.64.236.179 port 60872 ssh2
May 12 20:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Connection closed by 170.64.236.179 port 60872 [preauth]
May 12 20:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: Invalid user gitlab-runner from 170.64.236.179
May 12 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: input_userauth_request: invalid user gitlab-runner [preauth]
May 12 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: Failed password for invalid user gitlab-runner from 170.64.236.179 port 60880 ssh2
May 12 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: Connection closed by 170.64.236.179 port 60880 [preauth]
May 12 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: Invalid user uftp from 170.64.236.179
May 12 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: input_userauth_request: invalid user uftp [preauth]
May 12 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: Failed password for invalid user uftp from 170.64.236.179 port 60856 ssh2
May 12 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8030]: Connection closed by 170.64.236.179 port 60856 [preauth]
May 12 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: Invalid user odoo16 from 170.64.236.179
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: input_userauth_request: invalid user odoo16 [preauth]
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8047]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8046]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8044]: pam_unix(cron:session): session closed for user p13x
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: Successful su for rubyman by root
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: + ??? root:rubyman
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381061 of user rubyman.
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: pam_unix(su:session): session closed for user rubyman
May 12 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381061.
May 12 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: Failed password for invalid user odoo16 from 170.64.236.179 port 60878 ssh2
May 12 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8040]: Connection closed by 170.64.236.179 port 60878 [preauth]
May 12 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session closed for user root
May 12 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Invalid user git from 170.64.236.179
May 12 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: input_userauth_request: invalid user git [preauth]
May 12 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8045]: pam_unix(cron:session): session closed for user samftp
May 12 20:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Failed password for invalid user git from 170.64.236.179 port 60896 ssh2
May 12 20:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Connection closed by 170.64.236.179 port 60896 [preauth]
May 12 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Invalid user zabbix from 170.64.236.179
May 12 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: input_userauth_request: invalid user zabbix [preauth]
May 12 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Failed password for invalid user zabbix from 170.64.236.179 port 52344 ssh2
May 12 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Connection closed by 170.64.236.179 port 52344 [preauth]
May 12 20:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: User mysql from 170.64.236.179 not allowed because not listed in AllowUsers
May 12 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: input_userauth_request: invalid user mysql [preauth]
May 12 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=mysql
May 12 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Failed password for invalid user mysql from 170.64.236.179 port 52346 ssh2
May 12 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Connection closed by 170.64.236.179 port 52346 [preauth]
May 12 20:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Failed password for root from 170.64.236.179 port 32778 ssh2
May 12 20:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Connection closed by 170.64.236.179 port 32778 [preauth]
May 12 20:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Invalid user username from 115.231.78.11
May 12 20:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: input_userauth_request: invalid user username [preauth]
May 12 20:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Connection closed by 115.231.78.11 port 30000 [preauth]
May 12 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Invalid user flask from 170.64.236.179
May 12 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: input_userauth_request: invalid user flask [preauth]
May 12 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for invalid user flask from 170.64.236.179 port 32792 ssh2
May 12 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Connection closed by 170.64.236.179 port 32792 [preauth]
May 12 20:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Failed password for root from 170.64.236.179 port 50042 ssh2
May 12 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Connection closed by 170.64.236.179 port 50042 [preauth]
May 12 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Invalid user ftpuser from 170.64.236.179
May 12 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: input_userauth_request: invalid user ftpuser [preauth]
May 12 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session closed for user root
May 12 20:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Failed password for invalid user ftpuser from 170.64.236.179 port 50054 ssh2
May 12 20:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Connection closed by 170.64.236.179 port 50054 [preauth]
May 12 20:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: Invalid user sonar from 170.64.236.179
May 12 20:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: input_userauth_request: invalid user sonar [preauth]
May 12 20:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: Failed password for invalid user sonar from 170.64.236.179 port 37308 ssh2
May 12 20:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: Connection closed by 170.64.236.179 port 37308 [preauth]
May 12 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Invalid user docker from 170.64.236.179
May 12 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: input_userauth_request: invalid user docker [preauth]
May 12 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Failed password for invalid user docker from 170.64.236.179 port 37318 ssh2
May 12 20:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Connection closed by 170.64.236.179 port 37318 [preauth]
May 12 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: Invalid user tom from 170.64.236.179
May 12 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: input_userauth_request: invalid user tom [preauth]
May 12 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Connection closed by 27.252.59.193 port 50682 [preauth]
May 12 20:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: Failed password for invalid user tom from 170.64.236.179 port 37332 ssh2
May 12 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8470]: Connection closed by 170.64.236.179 port 37332 [preauth]
May 12 20:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: Failed password for root from 170.64.236.179 port 44286 ssh2
May 12 20:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: Connection closed by 170.64.236.179 port 44286 [preauth]
May 12 20:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: Failed password for root from 170.64.236.179 port 44300 ssh2
May 12 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: Connection closed by 170.64.236.179 port 44300 [preauth]
May 12 20:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Invalid user steam from 170.64.236.179
May 12 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: input_userauth_request: invalid user steam [preauth]
May 12 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8511]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8512]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8506]: pam_unix(cron:session): session closed for user p13x
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8578]: Successful su for rubyman by root
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8578]: + ??? root:rubyman
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381064 of user rubyman.
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8578]: pam_unix(su:session): session closed for user rubyman
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381064.
May 12 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Failed password for invalid user steam from 170.64.236.179 port 51864 ssh2
May 12 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Connection closed by 170.64.236.179 port 51864 [preauth]
May 12 20:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Invalid user admin from 170.64.236.179
May 12 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: input_userauth_request: invalid user admin [preauth]
May 12 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session closed for user root
May 12 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8508]: pam_unix(cron:session): session closed for user samftp
May 12 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user admin from 170.64.236.179 port 51882 ssh2
May 12 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Connection closed by 170.64.236.179 port 51882 [preauth]
May 12 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Failed password for root from 170.64.236.179 port 48800 ssh2
May 12 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Connection closed by 170.64.236.179 port 48800 [preauth]
May 12 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Invalid user appuser from 170.64.236.179
May 12 20:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: input_userauth_request: invalid user appuser [preauth]
May 12 20:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for invalid user appuser from 170.64.236.179 port 48812 ssh2
May 12 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Connection closed by 170.64.236.179 port 48812 [preauth]
May 12 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179  user=root
May 12 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: Failed password for root from 170.64.236.179 port 48984 ssh2
May 12 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: Connection closed by 170.64.236.179 port 48984 [preauth]
May 12 20:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: Invalid user master from 170.64.236.179
May 12 20:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: input_userauth_request: invalid user master [preauth]
May 12 20:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.236.179
May 12 20:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: Failed password for invalid user master from 170.64.236.179 port 48996 ssh2
May 12 20:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: Connection closed by 170.64.236.179 port 48996 [preauth]
May 12 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user root
May 12 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: Failed password for root from 218.92.0.179 port 60408 ssh2
May 12 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 60408 ssh2]
May 12 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: Received disconnect from 218.92.0.179 port 60408:11:  [preauth]
May 12 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: Disconnected from 218.92.0.179 port 60408 [preauth]
May 12 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8890]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8952]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8951]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8949]: pam_unix(cron:session): session closed for user p13x
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9015]: Successful su for rubyman by root
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9015]: + ??? root:rubyman
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381070 of user rubyman.
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9015]: pam_unix(su:session): session closed for user rubyman
May 12 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381070.
May 12 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session closed for user root
May 12 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session closed for user samftp
May 12 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May 12 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for root from 218.92.0.203 port 20332 ssh2
May 12 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8047]: pam_unix(cron:session): session closed for user root
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9482]: pam_unix(cron:session): session closed for user root
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session closed for user p13x
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: Successful su for rubyman by root
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: + ??? root:rubyman
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381077 of user rubyman.
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: pam_unix(su:session): session closed for user rubyman
May 12 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381077.
May 12 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session closed for user root
May 12 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session closed for user root
May 12 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session closed for user samftp
May 12 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May 12 20:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9788]: Failed password for root from 80.94.95.125 port 12696 ssh2
May 12 20:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9788]: Received disconnect from 80.94.95.125 port 12696:11: Bye [preauth]
May 12 20:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9788]: Disconnected from 80.94.95.125 port 12696 [preauth]
May 12 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8512]: pam_unix(cron:session): session closed for user root
May 12 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Invalid user admin from 80.94.95.112
May 12 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: input_userauth_request: invalid user admin [preauth]
May 12 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for invalid user admin from 80.94.95.112 port 23853 ssh2
May 12 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9911]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9912]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9909]: pam_unix(cron:session): session closed for user p13x
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9979]: Successful su for rubyman by root
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9979]: + ??? root:rubyman
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381078 of user rubyman.
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9979]: pam_unix(su:session): session closed for user rubyman
May 12 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381078.
May 12 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for invalid user admin from 80.94.95.112 port 23853 ssh2
May 12 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for invalid user admin from 80.94.95.112 port 23853 ssh2
May 12 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session closed for user root
May 12 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9910]: pam_unix(cron:session): session closed for user samftp
May 12 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for invalid user admin from 80.94.95.112 port 23853 ssh2
May 12 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for invalid user admin from 80.94.95.112 port 23853 ssh2
May 12 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Received disconnect from 80.94.95.112 port 23853:11: Bye [preauth]
May 12 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Disconnected from 80.94.95.112 port 23853 [preauth]
May 12 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8952]: pam_unix(cron:session): session closed for user root
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user p13x
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: Successful su for rubyman by root
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: + ??? root:rubyman
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381083 of user rubyman.
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: pam_unix(su:session): session closed for user rubyman
May 12 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381083.
May 12 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7486]: pam_unix(cron:session): session closed for user root
May 12 20:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user samftp
May 12 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9481]: pam_unix(cron:session): session closed for user root
May 12 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10886]: pam_unix(cron:session): session closed for user p13x
May 12 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: Successful su for rubyman by root
May 12 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: + ??? root:rubyman
May 12 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381086 of user rubyman.
May 12 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: pam_unix(su:session): session closed for user rubyman
May 12 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381086.
May 12 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8046]: pam_unix(cron:session): session closed for user root
May 12 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10887]: pam_unix(cron:session): session closed for user samftp
May 12 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9912]: pam_unix(cron:session): session closed for user root
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session closed for user p13x
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: Successful su for rubyman by root
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: + ??? root:rubyman
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381091 of user rubyman.
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: pam_unix(su:session): session closed for user rubyman
May 12 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381091.
May 12 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session closed for user root
May 12 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8511]: pam_unix(cron:session): session closed for user root
May 12 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11278]: pam_unix(cron:session): session closed for user samftp
May 12 20:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Invalid user df from 27.252.59.193
May 12 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: input_userauth_request: invalid user df [preauth]
May 12 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10407]: pam_unix(cron:session): session closed for user root
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11764]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11767]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11768]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11766]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11768]: pam_unix(cron:session): session closed for user root
May 12 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session closed for user p13x
May 12 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: Successful su for rubyman by root
May 12 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: + ??? root:rubyman
May 12 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381098 of user rubyman.
May 12 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: pam_unix(su:session): session closed for user rubyman
May 12 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381098.
May 12 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8951]: pam_unix(cron:session): session closed for user root
May 12 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11764]: pam_unix(cron:session): session closed for user root
May 12 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session closed for user samftp
May 12 20:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Failed password for root from 218.92.0.179 port 48411 ssh2
May 12 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 27.252.59.193 port 50990 [preauth]
May 12 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Failed password for root from 218.92.0.179 port 48411 ssh2
May 12 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session closed for user root
May 12 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Failed password for root from 218.92.0.179 port 48411 ssh2
May 12 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Received disconnect from 218.92.0.179 port 48411:11:  [preauth]
May 12 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Disconnected from 218.92.0.179 port 48411 [preauth]
May 12 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session closed for user p13x
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: Successful su for rubyman by root
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: + ??? root:rubyman
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381103 of user rubyman.
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: pam_unix(su:session): session closed for user rubyman
May 12 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381103.
May 12 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9480]: pam_unix(cron:session): session closed for user root
May 12 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user samftp
May 12 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session closed for user root
May 12 20:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: Failed password for root from 218.92.0.179 port 22538 ssh2
May 12 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 22538 ssh2]
May 12 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: Received disconnect from 218.92.0.179 port 22538:11:  [preauth]
May 12 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: Disconnected from 218.92.0.179 port 22538 [preauth]
May 12 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12602]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12601]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session closed for user p13x
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: Successful su for rubyman by root
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: + ??? root:rubyman
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381105 of user rubyman.
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: pam_unix(su:session): session closed for user rubyman
May 12 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381105.
May 12 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9911]: pam_unix(cron:session): session closed for user root
May 12 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session closed for user samftp
May 12 20:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Did not receive identification string from 64.62.156.55
May 12 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11767]: pam_unix(cron:session): session closed for user root
May 12 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session closed for user p13x
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13060]: Successful su for rubyman by root
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13060]: + ??? root:rubyman
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381111 of user rubyman.
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13060]: pam_unix(su:session): session closed for user rubyman
May 12 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381111.
May 12 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session closed for user root
May 12 20:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user samftp
May 12 20:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Failed password for root from 80.94.95.15 port 39021 ssh2
May 12 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: message repeated 4 times: [ Failed password for root from 80.94.95.15 port 39021 ssh2]
May 12 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Received disconnect from 80.94.95.15 port 39021:11: Bye [preauth]
May 12 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Disconnected from 80.94.95.15 port 39021 [preauth]
May 12 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 20:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session closed for user root
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13395]: pam_unix(cron:session): session closed for user p13x
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: Successful su for rubyman by root
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: + ??? root:rubyman
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381113 of user rubyman.
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: pam_unix(su:session): session closed for user rubyman
May 12 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381113.
May 12 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session closed for user root
May 12 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user samftp
May 12 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12602]: pam_unix(cron:session): session closed for user root
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session closed for user root
May 12 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session closed for user p13x
May 12 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: Successful su for rubyman by root
May 12 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: + ??? root:rubyman
May 12 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381117 of user rubyman.
May 12 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: pam_unix(su:session): session closed for user rubyman
May 12 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381117.
May 12 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session closed for user root
May 12 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session closed for user root
May 12 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session closed for user samftp
May 12 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user root
May 12 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14328]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14329]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14326]: pam_unix(cron:session): session closed for user p13x
May 12 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: Successful su for rubyman by root
May 12 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: + ??? root:rubyman
May 12 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381123 of user rubyman.
May 12 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: pam_unix(su:session): session closed for user rubyman
May 12 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381123.
May 12 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11766]: pam_unix(cron:session): session closed for user root
May 12 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14327]: pam_unix(cron:session): session closed for user samftp
May 12 20:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session closed for user root
May 12 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14751]: pam_unix(cron:session): session closed for user p13x
May 12 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14813]: Successful su for rubyman by root
May 12 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14813]: + ??? root:rubyman
May 12 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381127 of user rubyman.
May 12 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14813]: pam_unix(su:session): session closed for user rubyman
May 12 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381127.
May 12 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session closed for user root
May 12 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14752]: pam_unix(cron:session): session closed for user samftp
May 12 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session closed for user root
May 12 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15155]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15156]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15153]: pam_unix(cron:session): session closed for user p13x
May 12 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15212]: Successful su for rubyman by root
May 12 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15212]: + ??? root:rubyman
May 12 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381132 of user rubyman.
May 12 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15212]: pam_unix(su:session): session closed for user rubyman
May 12 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381132.
May 12 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12601]: pam_unix(cron:session): session closed for user root
May 12 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15154]: pam_unix(cron:session): session closed for user samftp
May 12 20:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14329]: pam_unix(cron:session): session closed for user root
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15542]: pam_unix(cron:session): session closed for user p13x
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15604]: Successful su for rubyman by root
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15604]: + ??? root:rubyman
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381135 of user rubyman.
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15604]: pam_unix(su:session): session closed for user rubyman
May 12 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381135.
May 12 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user root
May 12 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15543]: pam_unix(cron:session): session closed for user samftp
May 12 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session closed for user root
May 12 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session closed for user root
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session closed for user p13x
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: Successful su for rubyman by root
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: + ??? root:rubyman
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381141 of user rubyman.
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: pam_unix(su:session): session closed for user rubyman
May 12 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381141.
May 12 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user root
May 12 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session closed for user root
May 12 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session closed for user samftp
May 12 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15156]: pam_unix(cron:session): session closed for user root
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16358]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16356]: pam_unix(cron:session): session closed for user p13x
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16422]: Successful su for rubyman by root
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16422]: + ??? root:rubyman
May 12 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381145 of user rubyman.
May 12 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16422]: pam_unix(su:session): session closed for user rubyman
May 12 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381145.
May 12 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session closed for user root
May 12 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16357]: pam_unix(cron:session): session closed for user samftp
May 12 20:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session closed for user root
May 12 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16812]: pam_unix(cron:session): session closed for user p13x
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16885]: Successful su for rubyman by root
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16885]: + ??? root:rubyman
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381150 of user rubyman.
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16885]: pam_unix(su:session): session closed for user rubyman
May 12 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381150.
May 12 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14328]: pam_unix(cron:session): session closed for user root
May 12 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16813]: pam_unix(cron:session): session closed for user samftp
May 12 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user root
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session closed for user p13x
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17308]: Successful su for rubyman by root
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17308]: + ??? root:rubyman
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381154 of user rubyman.
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17308]: pam_unix(su:session): session closed for user rubyman
May 12 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381154.
May 12 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14753]: pam_unix(cron:session): session closed for user root
May 12 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session closed for user samftp
May 12 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session closed for user root
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17657]: pam_unix(cron:session): session closed for user p13x
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17721]: Successful su for rubyman by root
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17721]: + ??? root:rubyman
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381158 of user rubyman.
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17721]: pam_unix(su:session): session closed for user rubyman
May 12 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381158.
May 12 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15155]: pam_unix(cron:session): session closed for user root
May 12 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session closed for user samftp
May 12 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Failed password for root from 218.92.0.179 port 60662 ssh2
May 12 20:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 60662 ssh2]
May 12 20:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Received disconnect from 218.92.0.179 port 60662:11:  [preauth]
May 12 20:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Disconnected from 218.92.0.179 port 60662 [preauth]
May 12 20:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session closed for user root
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18189]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18188]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session closed for user root
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18186]: pam_unix(cron:session): session closed for user p13x
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18253]: Successful su for rubyman by root
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18253]: + ??? root:rubyman
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381162 of user rubyman.
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18253]: pam_unix(su:session): session closed for user rubyman
May 12 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381162.
May 12 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18188]: pam_unix(cron:session): session closed for user root
May 12 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session closed for user root
May 12 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18187]: pam_unix(cron:session): session closed for user samftp
May 12 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session closed for user root
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18626]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18627]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18624]: pam_unix(cron:session): session closed for user p13x
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18692]: Successful su for rubyman by root
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18692]: + ??? root:rubyman
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381167 of user rubyman.
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18692]: pam_unix(su:session): session closed for user rubyman
May 12 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381167.
May 12 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session closed for user root
May 12 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18625]: pam_unix(cron:session): session closed for user samftp
May 12 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session closed for user root
May 12 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Invalid user developer from 50.235.31.47
May 12 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: input_userauth_request: invalid user developer [preauth]
May 12 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): check pass; user unknown
May 12 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 20:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Failed password for invalid user developer from 50.235.31.47 port 53316 ssh2
May 12 20:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Connection closed by 50.235.31.47 port 53316 [preauth]
May 12 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session closed for user p13x
May 12 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: Successful su for rubyman by root
May 12 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: + ??? root:rubyman
May 12 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381171 of user rubyman.
May 12 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: pam_unix(su:session): session closed for user rubyman
May 12 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381171.
May 12 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16358]: pam_unix(cron:session): session closed for user root
May 12 20:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session closed for user samftp
May 12 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session closed for user root
May 12 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19443]: pam_unix(cron:session): session closed for user p13x
May 12 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19517]: Successful su for rubyman by root
May 12 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19517]: + ??? root:rubyman
May 12 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381176 of user rubyman.
May 12 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19517]: pam_unix(su:session): session closed for user rubyman
May 12 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381176.
May 12 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16814]: pam_unix(cron:session): session closed for user root
May 12 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19444]: pam_unix(cron:session): session closed for user samftp
May 12 20:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18627]: pam_unix(cron:session): session closed for user root
May 12 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user p13x
May 12 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: Successful su for rubyman by root
May 12 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: + ??? root:rubyman
May 12 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381181 of user rubyman.
May 12 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: pam_unix(su:session): session closed for user rubyman
May 12 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381181.
May 12 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session closed for user root
May 12 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user samftp
May 12 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19042]: pam_unix(cron:session): session closed for user root
May 12 20:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 20:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 20:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: Failed password for root from 218.92.0.179 port 15988 ssh2
May 12 20:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 15988 ssh2]
May 12 20:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: Received disconnect from 218.92.0.179 port 15988:11:  [preauth]
May 12 20:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: Disconnected from 218.92.0.179 port 15988 [preauth]
May 12 20:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session closed for user root
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session closed for user root
May 12 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20280]: pam_unix(cron:session): session closed for user p13x
May 12 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20373]: Successful su for rubyman by root
May 12 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20373]: + ??? root:rubyman
May 12 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381185 of user rubyman.
May 12 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20373]: pam_unix(su:session): session closed for user rubyman
May 12 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381185.
May 12 21:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session closed for user root
May 12 21:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session closed for user root
May 12 21:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session closed for user samftp
May 12 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session closed for user root
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20786]: pam_unix(cron:session): session closed for user p13x
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: Successful su for rubyman by root
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: + ??? root:rubyman
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381191 of user rubyman.
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: pam_unix(su:session): session closed for user rubyman
May 12 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381191.
May 12 21:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18189]: pam_unix(cron:session): session closed for user root
May 12 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20787]: pam_unix(cron:session): session closed for user samftp
May 12 21:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Failed password for root from 218.92.0.179 port 27452 ssh2
May 12 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 27452 ssh2]
May 12 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Received disconnect from 218.92.0.179 port 27452:11:  [preauth]
May 12 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Disconnected from 218.92.0.179 port 27452 [preauth]
May 12 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session closed for user root
May 12 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session closed for user p13x
May 12 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: Successful su for rubyman by root
May 12 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: + ??? root:rubyman
May 12 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381194 of user rubyman.
May 12 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: pam_unix(su:session): session closed for user rubyman
May 12 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381194.
May 12 21:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18626]: pam_unix(cron:session): session closed for user root
May 12 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user samftp
May 12 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session closed for user root
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session closed for user p13x
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: Successful su for rubyman by root
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: + ??? root:rubyman
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381199 of user rubyman.
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: pam_unix(su:session): session closed for user rubyman
May 12 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381199.
May 12 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session closed for user root
May 12 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session closed for user samftp
May 12 21:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Invalid user dimitri from 190.103.202.7
May 12 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: input_userauth_request: invalid user dimitri [preauth]
May 12 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 21:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Failed password for invalid user dimitri from 190.103.202.7 port 49510 ssh2
May 12 21:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Connection closed by 190.103.202.7 port 49510 [preauth]
May 12 21:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20790]: pam_unix(cron:session): session closed for user root
May 12 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22435]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22432]: pam_unix(cron:session): session closed for user p13x
May 12 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: Successful su for rubyman by root
May 12 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: + ??? root:rubyman
May 12 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381202 of user rubyman.
May 12 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: pam_unix(su:session): session closed for user rubyman
May 12 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381202.
May 12 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19446]: pam_unix(cron:session): session closed for user root
May 12 21:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session closed for user samftp
May 12 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session closed for user root
May 12 21:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user root
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session closed for user p13x
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22992]: Successful su for rubyman by root
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22992]: + ??? root:rubyman
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381208 of user rubyman.
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22992]: pam_unix(su:session): session closed for user rubyman
May 12 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381208.
May 12 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session closed for user root
May 12 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session closed for user root
May 12 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session closed for user samftp
May 12 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session closed for user root
May 12 21:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 21:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: Failed password for root from 50.235.31.47 port 52444 ssh2
May 12 21:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: Connection closed by 50.235.31.47 port 52444 [preauth]
May 12 21:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session closed for user p13x
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23525]: Successful su for rubyman by root
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23525]: + ??? root:rubyman
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381212 of user rubyman.
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23525]: pam_unix(su:session): session closed for user rubyman
May 12 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381212.
May 12 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Invalid user adam from 193.32.162.157
May 12 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: input_userauth_request: invalid user adam [preauth]
May 12 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for invalid user adam from 193.32.162.157 port 38936 ssh2
May 12 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session closed for user root
May 12 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session closed for user samftp
May 12 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 193.32.162.157 port 38936 [preauth]
May 12 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: Invalid user git from 193.32.162.157
May 12 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: input_userauth_request: invalid user git [preauth]
May 12 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: Failed password for invalid user git from 193.32.162.157 port 57116 ssh2
May 12 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23723]: Connection closed by 193.32.162.157 port 57116 [preauth]
May 12 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22435]: pam_unix(cron:session): session closed for user root
May 12 21:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Invalid user acer from 193.32.162.157
May 12 21:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: input_userauth_request: invalid user acer [preauth]
May 12 21:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Failed password for invalid user acer from 193.32.162.157 port 59022 ssh2
May 12 21:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Connection closed by 193.32.162.157 port 59022 [preauth]
May 12 21:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23981]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23982]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session closed for user p13x
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24059]: Successful su for rubyman by root
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24059]: + ??? root:rubyman
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381217 of user rubyman.
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24059]: pam_unix(su:session): session closed for user rubyman
May 12 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381217.
May 12 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20789]: pam_unix(cron:session): session closed for user root
May 12 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23980]: pam_unix(cron:session): session closed for user samftp
May 12 21:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Invalid user git from 193.32.162.157
May 12 21:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: input_userauth_request: invalid user git [preauth]
May 12 21:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Failed password for invalid user git from 193.32.162.157 port 26694 ssh2
May 12 21:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Connection closed by 193.32.162.157 port 26694 [preauth]
May 12 21:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: Invalid user ad from 27.252.59.193
May 12 21:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: input_userauth_request: invalid user ad [preauth]
May 12 21:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Invalid user access from 193.32.162.157
May 12 21:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: input_userauth_request: invalid user access [preauth]
May 12 21:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Failed password for invalid user access from 193.32.162.157 port 16320 ssh2
May 12 21:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Connection closed by 193.32.162.157 port 16320 [preauth]
May 12 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user root
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24436]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24437]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24434]: pam_unix(cron:session): session closed for user p13x
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: Successful su for rubyman by root
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: + ??? root:rubyman
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381220 of user rubyman.
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: pam_unix(su:session): session closed for user rubyman
May 12 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381220.
May 12 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user root
May 12 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24435]: pam_unix(cron:session): session closed for user samftp
May 12 21:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Invalid user admin from 80.94.95.112
May 12 21:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: input_userauth_request: invalid user admin [preauth]
May 12 21:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 21:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for invalid user admin from 80.94.95.112 port 56776 ssh2
May 12 21:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for invalid user admin from 80.94.95.112 port 56776 ssh2
May 12 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for invalid user admin from 80.94.95.112 port 56776 ssh2
May 12 21:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for invalid user admin from 80.94.95.112 port 56776 ssh2
May 12 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session closed for user root
May 12 21:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for invalid user admin from 80.94.95.112 port 56776 ssh2
May 12 21:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Received disconnect from 80.94.95.112 port 56776:11: Bye [preauth]
May 12 21:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Disconnected from 80.94.95.112 port 56776 [preauth]
May 12 21:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 21:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24851]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24845]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24848]: pam_unix(cron:session): session closed for user p13x
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: Successful su for rubyman by root
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: + ??? root:rubyman
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381225 of user rubyman.
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session closed for user rubyman
May 12 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381225.
May 12 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24845]: pam_unix(cron:session): session closed for user root
May 12 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session closed for user root
May 12 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24849]: pam_unix(cron:session): session closed for user samftp
May 12 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23982]: pam_unix(cron:session): session closed for user root
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25366]: pam_unix(cron:session): session closed for user root
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25355]: pam_unix(cron:session): session closed for user p13x
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25429]: Successful su for rubyman by root
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25429]: + ??? root:rubyman
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381232 of user rubyman.
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25429]: pam_unix(su:session): session closed for user rubyman
May 12 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381232.
May 12 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25357]: pam_unix(cron:session): session closed for user root
May 12 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user root
May 12 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25356]: pam_unix(cron:session): session closed for user samftp
May 12 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24437]: pam_unix(cron:session): session closed for user root
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25867]: pam_unix(cron:session): session closed for user p13x
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: Successful su for rubyman by root
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: + ??? root:rubyman
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381235 of user rubyman.
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: pam_unix(su:session): session closed for user rubyman
May 12 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381235.
May 12 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22889]: pam_unix(cron:session): session closed for user root
May 12 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session closed for user samftp
May 12 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session closed for user root
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26298]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26299]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session closed for user p13x
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: Successful su for rubyman by root
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: + ??? root:rubyman
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381241 of user rubyman.
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: pam_unix(su:session): session closed for user rubyman
May 12 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381241.
May 12 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session closed for user root
May 12 21:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session closed for user samftp
May 12 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session closed for user root
May 12 21:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Invalid user sdf from 27.252.59.193
May 12 21:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: input_userauth_request: invalid user sdf [preauth]
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26809]: pam_unix(cron:session): session closed for user p13x
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: Successful su for rubyman by root
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: + ??? root:rubyman
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381243 of user rubyman.
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: pam_unix(su:session): session closed for user rubyman
May 12 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381243.
May 12 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23981]: pam_unix(cron:session): session closed for user root
May 12 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session closed for user samftp
May 12 21:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Failed password for root from 218.92.0.179 port 23617 ssh2
May 12 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Failed password for root from 218.92.0.179 port 23617 ssh2
May 12 21:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Failed password for invalid user sdf from 27.252.59.193 port 52578 ssh2
May 12 21:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Failed password for root from 218.92.0.179 port 23617 ssh2
May 12 21:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Received disconnect from 218.92.0.179 port 23617:11:  [preauth]
May 12 21:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Disconnected from 218.92.0.179 port 23617 [preauth]
May 12 21:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session closed for user root
May 12 21:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Connection closed by 27.252.59.193 port 52578 [preauth]
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session closed for user p13x
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: Successful su for rubyman by root
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: + ??? root:rubyman
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381248 of user rubyman.
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: pam_unix(su:session): session closed for user rubyman
May 12 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381248.
May 12 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24436]: pam_unix(cron:session): session closed for user root
May 12 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session closed for user samftp
May 12 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26299]: pam_unix(cron:session): session closed for user root
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session closed for user root
May 12 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27827]: pam_unix(cron:session): session closed for user p13x
May 12 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27919]: Successful su for rubyman by root
May 12 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27919]: + ??? root:rubyman
May 12 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381251 of user rubyman.
May 12 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27919]: pam_unix(su:session): session closed for user rubyman
May 12 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381251.
May 12 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session closed for user root
May 12 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24851]: pam_unix(cron:session): session closed for user root
May 12 21:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27828]: pam_unix(cron:session): session closed for user samftp
May 12 21:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session closed for user root
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session closed for user p13x
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28361]: Successful su for rubyman by root
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28361]: + ??? root:rubyman
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381257 of user rubyman.
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28361]: pam_unix(su:session): session closed for user rubyman
May 12 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381257.
May 12 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session closed for user root
May 12 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session closed for user samftp
May 12 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session closed for user root
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user root
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user p13x
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28770]: Successful su for rubyman by root
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28770]: + ??? root:rubyman
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381262 of user rubyman.
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28770]: pam_unix(su:session): session closed for user rubyman
May 12 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381262.
May 12 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session closed for user root
May 12 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session closed for user samftp
May 12 21:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Failed password for root from 218.92.0.179 port 39054 ssh2
May 12 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39054 ssh2]
May 12 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Received disconnect from 218.92.0.179 port 39054:11:  [preauth]
May 12 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Disconnected from 218.92.0.179 port 39054 [preauth]
May 12 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27833]: pam_unix(cron:session): session closed for user root
May 12 21:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: Did not receive identification string from 157.230.18.73
May 12 21:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user p13x
May 12 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29282]: Successful su for rubyman by root
May 12 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29282]: + ??? root:rubyman
May 12 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381266 of user rubyman.
May 12 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29282]: pam_unix(su:session): session closed for user rubyman
May 12 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381266.
May 12 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26298]: pam_unix(cron:session): session closed for user root
May 12 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session closed for user samftp
May 12 21:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: Connection closed by 161.35.22.46 port 54538 [preauth]
May 12 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session closed for user root
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29628]: pam_unix(cron:session): session closed for user p13x
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29690]: Successful su for rubyman by root
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29690]: + ??? root:rubyman
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381272 of user rubyman.
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29690]: pam_unix(su:session): session closed for user rubyman
May 12 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381272.
May 12 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26811]: pam_unix(cron:session): session closed for user root
May 12 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user samftp
May 12 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28709]: pam_unix(cron:session): session closed for user root
May 12 21:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Invalid user dsf from 27.252.59.193
May 12 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: input_userauth_request: invalid user dsf [preauth]
May 12 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Failed password for invalid user dsf from 27.252.59.193 port 52927 ssh2
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30040]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30043]: pam_unix(cron:session): session closed for user root
May 12 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30038]: pam_unix(cron:session): session closed for user p13x
May 12 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30113]: Successful su for rubyman by root
May 12 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30113]: + ??? root:rubyman
May 12 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381276 of user rubyman.
May 12 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30113]: pam_unix(su:session): session closed for user rubyman
May 12 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381276.
May 12 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30040]: pam_unix(cron:session): session closed for user root
May 12 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27336]: pam_unix(cron:session): session closed for user root
May 12 21:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30039]: pam_unix(cron:session): session closed for user samftp
May 12 21:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Connection closed by 27.252.59.193 port 52927 [preauth]
May 12 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user root
May 12 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30469]: pam_unix(cron:session): session closed for user p13x
May 12 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: Successful su for rubyman by root
May 12 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: + ??? root:rubyman
May 12 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381281 of user rubyman.
May 12 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: pam_unix(su:session): session closed for user rubyman
May 12 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381281.
May 12 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27832]: pam_unix(cron:session): session closed for user root
May 12 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30470]: pam_unix(cron:session): session closed for user samftp
May 12 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Invalid user asd from 27.252.59.193
May 12 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: input_userauth_request: invalid user asd [preauth]
May 12 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for root from 218.92.0.179 port 45518 ssh2
May 12 21:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for root from 218.92.0.179 port 45518 ssh2
May 12 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user root
May 12 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for root from 218.92.0.179 port 45518 ssh2
May 12 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Received disconnect from 218.92.0.179 port 45518:11:  [preauth]
May 12 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Disconnected from 218.92.0.179 port 45518 [preauth]
May 12 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Invalid user test from 45.6.188.43
May 12 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: input_userauth_request: invalid user test [preauth]
May 12 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Failed password for invalid user test from 45.6.188.43 port 43692 ssh2
May 12 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Connection closed by 45.6.188.43 port 43692 [preauth]
May 12 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30871]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30872]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session closed for user p13x
May 12 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30949]: Successful su for rubyman by root
May 12 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30949]: + ??? root:rubyman
May 12 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381284 of user rubyman.
May 12 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30949]: pam_unix(su:session): session closed for user rubyman
May 12 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381284.
May 12 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session closed for user root
May 12 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30869]: pam_unix(cron:session): session closed for user samftp
May 12 21:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Failed password for invalid user asd from 27.252.59.193 port 53008 ssh2
May 12 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30042]: pam_unix(cron:session): session closed for user root
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31373]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31372]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31370]: pam_unix(cron:session): session closed for user p13x
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31429]: Successful su for rubyman by root
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31429]: + ??? root:rubyman
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381290 of user rubyman.
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31429]: pam_unix(su:session): session closed for user rubyman
May 12 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381290.
May 12 21:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Connection closed by 27.252.59.193 port 53008 [preauth]
May 12 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session closed for user root
May 12 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session closed for user samftp
May 12 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Failed password for root from 116.172.130.191 port 12678 ssh2
May 12 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Received disconnect from 116.172.130.191 port 12678:11: Bye Bye [preauth]
May 12 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Disconnected from 116.172.130.191 port 12678 [preauth]
May 12 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Invalid user asd from 27.252.59.193
May 12 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: input_userauth_request: invalid user asd [preauth]
May 12 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session closed for user root
May 12 21:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session closed for user p13x
May 12 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: Successful su for rubyman by root
May 12 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: + ??? root:rubyman
May 12 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381292 of user rubyman.
May 12 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: pam_unix(su:session): session closed for user rubyman
May 12 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381292.
May 12 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session closed for user root
May 12 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31801]: pam_unix(cron:session): session closed for user samftp
May 12 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Failed password for invalid user asd from 27.252.59.193 port 53090 ssh2
May 12 21:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Invalid user julian from 68.183.81.212
May 12 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: input_userauth_request: invalid user julian [preauth]
May 12 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Failed password for invalid user julian from 68.183.81.212 port 56634 ssh2
May 12 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Received disconnect from 68.183.81.212 port 56634:11: Bye Bye [preauth]
May 12 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Disconnected from 68.183.81.212 port 56634 [preauth]
May 12 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30872]: pam_unix(cron:session): session closed for user root
May 12 21:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Failed password for invalid user asd from 27.252.59.193 port 53090 ssh2
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32531]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session closed for user root
May 12 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32524]: pam_unix(cron:session): session closed for user p13x
May 12 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32613]: Successful su for rubyman by root
May 12 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32613]: + ??? root:rubyman
May 12 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381297 of user rubyman.
May 12 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32613]: pam_unix(su:session): session closed for user rubyman
May 12 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381297.
May 12 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session closed for user root
May 12 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user root
May 12 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32525]: pam_unix(cron:session): session closed for user samftp
May 12 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Did not receive identification string from 193.200.78.72
May 12 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31373]: pam_unix(cron:session): session closed for user root
May 12 21:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Failed password for root from 218.92.0.179 port 21742 ssh2
May 12 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 21742 ssh2]
May 12 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Received disconnect from 218.92.0.179 port 21742:11:  [preauth]
May 12 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Disconnected from 218.92.0.179 port 21742 [preauth]
May 12 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session closed for user p13x
May 12 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: Successful su for rubyman by root
May 12 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: + ??? root:rubyman
May 12 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381302 of user rubyman.
May 12 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: pam_unix(su:session): session closed for user rubyman
May 12 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381302.
May 12 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30041]: pam_unix(cron:session): session closed for user root
May 12 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session closed for user samftp
May 12 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session closed for user root
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1171]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session closed for user p13x
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1250]: Successful su for rubyman by root
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1250]: + ??? root:rubyman
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381306 of user rubyman.
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1250]: pam_unix(su:session): session closed for user rubyman
May 12 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381306.
May 12 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session closed for user root
May 12 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1169]: pam_unix(cron:session): session closed for user samftp
May 12 21:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Failed password for root from 218.92.0.179 port 30914 ssh2
May 12 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 30914 ssh2]
May 12 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Received disconnect from 218.92.0.179 port 30914:11:  [preauth]
May 12 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Disconnected from 218.92.0.179 port 30914 [preauth]
May 12 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32531]: pam_unix(cron:session): session closed for user root
May 12 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1651]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1648]: pam_unix(cron:session): session closed for user p13x
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1735]: Successful su for rubyman by root
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1735]: + ??? root:rubyman
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381311 of user rubyman.
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1735]: pam_unix(su:session): session closed for user rubyman
May 12 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381311.
May 12 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30871]: pam_unix(cron:session): session closed for user root
May 12 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1649]: pam_unix(cron:session): session closed for user samftp
May 12 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session closed for user root
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session closed for user p13x
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2240]: Successful su for rubyman by root
May 12 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2240]: + ??? root:rubyman
May 12 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381315 of user rubyman.
May 12 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2240]: pam_unix(su:session): session closed for user rubyman
May 12 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381315.
May 12 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31372]: pam_unix(cron:session): session closed for user root
May 12 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session closed for user samftp
May 12 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1171]: pam_unix(cron:session): session closed for user root
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2618]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2620]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2620]: pam_unix(cron:session): session closed for user root
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session closed for user p13x
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2697]: Successful su for rubyman by root
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2697]: + ??? root:rubyman
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381321 of user rubyman.
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2697]: pam_unix(su:session): session closed for user rubyman
May 12 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381321.
May 12 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session closed for user root
May 12 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31802]: pam_unix(cron:session): session closed for user root
May 12 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2615]: pam_unix(cron:session): session closed for user samftp
May 12 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1653]: pam_unix(cron:session): session closed for user root
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3073]: pam_unix(cron:session): session closed for user p13x
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: Successful su for rubyman by root
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: + ??? root:rubyman
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381325 of user rubyman.
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: pam_unix(su:session): session closed for user rubyman
May 12 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381325.
May 12 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session closed for user root
May 12 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session closed for user samftp
May 12 21:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3070]: Invalid user hello from 27.252.59.193
May 12 21:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3070]: input_userauth_request: invalid user hello [preauth]
May 12 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session closed for user root
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3516]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session closed for user p13x
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: Successful su for rubyman by root
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: + ??? root:rubyman
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381330 of user rubyman.
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: pam_unix(su:session): session closed for user rubyman
May 12 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381330.
May 12 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session closed for user root
May 12 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session closed for user samftp
May 12 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2618]: pam_unix(cron:session): session closed for user root
May 12 21:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Invalid user hasan from 116.172.130.191
May 12 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: input_userauth_request: invalid user hasan [preauth]
May 12 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191
May 12 21:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Failed password for invalid user hasan from 116.172.130.191 port 21400 ssh2
May 12 21:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Received disconnect from 116.172.130.191 port 21400:11: Bye Bye [preauth]
May 12 21:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Disconnected from 116.172.130.191 port 21400 [preauth]
May 12 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3990]: pam_unix(cron:session): session closed for user p13x
May 12 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: Successful su for rubyman by root
May 12 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: + ??? root:rubyman
May 12 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381333 of user rubyman.
May 12 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: pam_unix(su:session): session closed for user rubyman
May 12 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381333.
May 12 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session closed for user root
May 12 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3992]: pam_unix(cron:session): session closed for user samftp
May 12 21:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Failed password for root from 116.172.130.191 port 36250 ssh2
May 12 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Received disconnect from 116.172.130.191 port 36250:11: Bye Bye [preauth]
May 12 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Disconnected from 116.172.130.191 port 36250 [preauth]
May 12 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session closed for user root
May 12 21:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4545]: Failed password for root from 116.172.130.191 port 26938 ssh2
May 12 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4545]: Received disconnect from 116.172.130.191 port 26938:11: Bye Bye [preauth]
May 12 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4545]: Disconnected from 116.172.130.191 port 26938 [preauth]
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user p13x
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: Successful su for rubyman by root
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: + ??? root:rubyman
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381338 of user rubyman.
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: pam_unix(su:session): session closed for user rubyman
May 12 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381338.
May 12 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1651]: pam_unix(cron:session): session closed for user root
May 12 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session closed for user samftp
May 12 21:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Invalid user hello! from 27.252.59.193
May 12 21:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: input_userauth_request: invalid user hello! [preauth]
May 12 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3516]: pam_unix(cron:session): session closed for user root
May 12 21:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: Failed password for root from 116.172.130.191 port 25826 ssh2
May 12 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: Received disconnect from 116.172.130.191 port 25826:11: Bye Bye [preauth]
May 12 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4917]: Disconnected from 116.172.130.191 port 25826 [preauth]
May 12 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Failed password for invalid user hello! from 27.252.59.193 port 53558 ssh2
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5001]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4999]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5000]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5001]: pam_unix(cron:session): session closed for user root
May 12 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4989]: pam_unix(cron:session): session closed for user p13x
May 12 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5248]: Successful su for rubyman by root
May 12 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5248]: + ??? root:rubyman
May 12 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381343 of user rubyman.
May 12 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5248]: pam_unix(su:session): session closed for user rubyman
May 12 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381343.
May 12 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: Invalid user system from 116.172.130.191
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: input_userauth_request: invalid user system [preauth]
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session closed for user root
May 12 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session closed for user root
May 12 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: Failed password for invalid user system from 116.172.130.191 port 49876 ssh2
May 12 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: Received disconnect from 116.172.130.191 port 49876:11: Bye Bye [preauth]
May 12 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5325]: Disconnected from 116.172.130.191 port 49876 [preauth]
May 12 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4990]: pam_unix(cron:session): session closed for user samftp
May 12 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: Invalid user sgc from 164.68.105.9
May 12 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: input_userauth_request: invalid user sgc [preauth]
May 12 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 21:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: Failed password for invalid user sgc from 164.68.105.9 port 53056 ssh2
May 12 21:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: Connection closed by 164.68.105.9 port 53056 [preauth]
May 12 21:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Invalid user test2 from 116.172.130.191
May 12 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: input_userauth_request: invalid user test2 [preauth]
May 12 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191
May 12 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Failed password for invalid user test2 from 116.172.130.191 port 24406 ssh2
May 12 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user root
May 12 21:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Received disconnect from 116.172.130.191 port 24406:11: Bye Bye [preauth]
May 12 21:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Disconnected from 116.172.130.191 port 24406 [preauth]
May 12 21:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Invalid user suresh from 68.183.81.212
May 12 21:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: input_userauth_request: invalid user suresh [preauth]
May 12 21:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 21:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Failed password for invalid user suresh from 68.183.81.212 port 32992 ssh2
May 12 21:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Received disconnect from 68.183.81.212 port 32992:11: Bye Bye [preauth]
May 12 21:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Disconnected from 68.183.81.212 port 32992 [preauth]
May 12 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session closed for user p13x
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: Successful su for rubyman by root
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: + ??? root:rubyman
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381347 of user rubyman.
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: pam_unix(su:session): session closed for user rubyman
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381347.
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: Invalid user eda from 116.172.130.191
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: input_userauth_request: invalid user eda [preauth]
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191
May 12 21:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: Failed password for invalid user eda from 116.172.130.191 port 12018 ssh2
May 12 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: Received disconnect from 116.172.130.191 port 12018:11: Bye Bye [preauth]
May 12 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5683]: Disconnected from 116.172.130.191 port 12018 [preauth]
May 12 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session closed for user root
May 12 21:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user samftp
May 12 21:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session closed for user root
May 12 21:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Failed password for root from 116.172.130.191 port 64604 ssh2
May 12 21:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Received disconnect from 116.172.130.191 port 64604:11: Bye Bye [preauth]
May 12 21:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Disconnected from 116.172.130.191 port 64604 [preauth]
May 12 21:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Invalid user virtual from 14.103.114.195
May 12 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: input_userauth_request: invalid user virtual [preauth]
May 12 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195
May 12 21:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Failed password for invalid user virtual from 14.103.114.195 port 49692 ssh2
May 12 21:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Received disconnect from 14.103.114.195 port 49692:11: Bye Bye [preauth]
May 12 21:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Disconnected from 14.103.114.195 port 49692 [preauth]
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session closed for user p13x
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6266]: Successful su for rubyman by root
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6266]: + ??? root:rubyman
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381350 of user rubyman.
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6266]: pam_unix(su:session): session closed for user rubyman
May 12 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381350.
May 12 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session closed for user root
May 12 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6199]: Failed password for root from 116.172.130.191 port 19192 ssh2
May 12 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6199]: Received disconnect from 116.172.130.191 port 19192:11: Bye Bye [preauth]
May 12 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6199]: Disconnected from 116.172.130.191 port 19192 [preauth]
May 12 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session closed for user samftp
May 12 21:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for root from 218.92.0.179 port 59891 ssh2
May 12 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59891 ssh2]
May 12 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Received disconnect from 218.92.0.179 port 59891:11:  [preauth]
May 12 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Disconnected from 218.92.0.179 port 59891 [preauth]
May 12 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Invalid user suresh from 116.172.130.191
May 12 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: input_userauth_request: invalid user suresh [preauth]
May 12 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191
May 12 21:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5000]: pam_unix(cron:session): session closed for user root
May 12 21:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Failed password for invalid user suresh from 116.172.130.191 port 34982 ssh2
May 12 21:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Received disconnect from 116.172.130.191 port 34982:11: Bye Bye [preauth]
May 12 21:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Disconnected from 116.172.130.191 port 34982 [preauth]
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session closed for user p13x
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: Successful su for rubyman by root
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: + ??? root:rubyman
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381355 of user rubyman.
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: pam_unix(su:session): session closed for user rubyman
May 12 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381355.
May 12 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session closed for user root
May 12 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6606]: pam_unix(cron:session): session closed for user samftp
May 12 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Failed password for root from 116.172.130.191 port 62300 ssh2
May 12 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Received disconnect from 116.172.130.191 port 62300:11: Bye Bye [preauth]
May 12 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Disconnected from 116.172.130.191 port 62300 [preauth]
May 12 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user root
May 12 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Failed password for root from 116.172.130.191 port 57478 ssh2
May 12 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Received disconnect from 116.172.130.191 port 57478:11: Bye Bye [preauth]
May 12 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Disconnected from 116.172.130.191 port 57478 [preauth]
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7133]: pam_unix(cron:session): session closed for user p13x
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: Successful su for rubyman by root
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: + ??? root:rubyman
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381358 of user rubyman.
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: pam_unix(su:session): session closed for user rubyman
May 12 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381358.
May 12 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7130]: pam_unix(cron:session): session closed for user root
May 12 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session closed for user root
May 12 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Failed password for root from 116.172.130.191 port 14646 ssh2
May 12 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Received disconnect from 116.172.130.191 port 14646:11: Bye Bye [preauth]
May 12 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Disconnected from 116.172.130.191 port 14646 [preauth]
May 12 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session closed for user samftp
May 12 21:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Invalid user hello! from 27.252.59.193
May 12 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: input_userauth_request: invalid user hello! [preauth]
May 12 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session closed for user root
May 12 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Invalid user myuser from 116.172.130.191
May 12 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: input_userauth_request: invalid user myuser [preauth]
May 12 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191
May 12 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Failed password for invalid user myuser from 116.172.130.191 port 49260 ssh2
May 12 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Received disconnect from 116.172.130.191 port 49260:11: Bye Bye [preauth]
May 12 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Disconnected from 116.172.130.191 port 49260 [preauth]
May 12 21:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for invalid user hello! from 27.252.59.193 port 53795 ssh2
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7762]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7762]: pam_unix(cron:session): session closed for user root
May 12 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7753]: pam_unix(cron:session): session closed for user p13x
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7830]: Successful su for rubyman by root
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7830]: + ??? root:rubyman
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381365 of user rubyman.
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7830]: pam_unix(su:session): session closed for user rubyman
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381365.
May 12 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.172.130.191  user=root
May 12 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session closed for user root
May 12 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session closed for user root
May 12 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Failed password for root from 116.172.130.191 port 44702 ssh2
May 12 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Received disconnect from 116.172.130.191 port 44702:11: Bye Bye [preauth]
May 12 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Disconnected from 116.172.130.191 port 44702 [preauth]
May 12 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session closed for user samftp
May 12 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session closed for user root
May 12 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Invalid user admin from 80.94.95.112
May 12 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: input_userauth_request: invalid user admin [preauth]
May 12 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 21:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for invalid user admin from 80.94.95.112 port 25400 ssh2
May 12 21:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for invalid user admin from 80.94.95.112 port 25400 ssh2
May 12 21:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for invalid user admin from 80.94.95.112 port 25400 ssh2
May 12 21:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for invalid user hello! from 27.252.59.193 port 53795 ssh2
May 12 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Invalid user hasan from 68.183.81.212
May 12 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: input_userauth_request: invalid user hasan [preauth]
May 12 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for invalid user admin from 80.94.95.112 port 25400 ssh2
May 12 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Failed password for invalid user hasan from 68.183.81.212 port 60964 ssh2
May 12 21:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Received disconnect from 68.183.81.212 port 60964:11: Bye Bye [preauth]
May 12 21:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Disconnected from 68.183.81.212 port 60964 [preauth]
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for invalid user admin from 80.94.95.112 port 25400 ssh2
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session closed for user p13x
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Received disconnect from 80.94.95.112 port 25400:11: Bye [preauth]
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Disconnected from 80.94.95.112 port 25400 [preauth]
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: Successful su for rubyman by root
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: + ??? root:rubyman
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381372 of user rubyman.
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: pam_unix(su:session): session closed for user rubyman
May 12 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381372.
May 12 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4999]: pam_unix(cron:session): session closed for user root
May 12 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session closed for user samftp
May 12 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user root
May 12 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8657]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8654]: pam_unix(cron:session): session closed for user p13x
May 12 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: Successful su for rubyman by root
May 12 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: + ??? root:rubyman
May 12 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381373 of user rubyman.
May 12 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: pam_unix(su:session): session closed for user rubyman
May 12 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381373.
May 12 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user root
May 12 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8656]: pam_unix(cron:session): session closed for user samftp
May 12 21:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8916]: Invalid user hello from 27.252.59.193
May 12 21:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8916]: input_userauth_request: invalid user hello [preauth]
May 12 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session closed for user root
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9073]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9071]: pam_unix(cron:session): session closed for user p13x
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9223]: Successful su for rubyman by root
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9223]: + ??? root:rubyman
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381377 of user rubyman.
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9223]: pam_unix(su:session): session closed for user rubyman
May 12 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381377.
May 12 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user root
May 12 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9072]: pam_unix(cron:session): session closed for user samftp
May 12 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8916]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8916]: Failed password for invalid user hello from 27.252.59.193 port 53930 ssh2
May 12 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session closed for user root
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session closed for user p13x
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9647]: Successful su for rubyman by root
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9647]: + ??? root:rubyman
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381381 of user rubyman.
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9647]: pam_unix(su:session): session closed for user rubyman
May 12 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381381.
May 12 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user root
May 12 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9587]: pam_unix(cron:session): session closed for user samftp
May 12 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session closed for user root
May 12 21:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session closed for user root
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Connection reset by 205.210.31.192 port 64404 [preauth]
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session closed for user p13x
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10064]: Successful su for rubyman by root
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10064]: + ??? root:rubyman
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381388 of user rubyman.
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10064]: pam_unix(su:session): session closed for user rubyman
May 12 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381388.
May 12 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session closed for user root
May 12 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user root
May 12 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session closed for user samftp
May 12 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session closed for user root
May 12 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Invalid user HELLO from 27.252.59.193
May 12 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: input_userauth_request: invalid user HELLO [preauth]
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10526]: pam_unix(cron:session): session closed for user p13x
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: Successful su for rubyman by root
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: + ??? root:rubyman
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381391 of user rubyman.
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: pam_unix(su:session): session closed for user rubyman
May 12 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381391.
May 12 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7756]: pam_unix(cron:session): session closed for user root
May 12 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session closed for user samftp
May 12 21:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 21:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10854]: Failed password for root from 68.183.81.212 port 47966 ssh2
May 12 21:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10854]: Received disconnect from 68.183.81.212 port 47966:11: Bye Bye [preauth]
May 12 21:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10854]: Disconnected from 68.183.81.212 port 47966 [preauth]
May 12 21:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9589]: pam_unix(cron:session): session closed for user root
May 12 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Failed password for invalid user HELLO from 27.252.59.193 port 54046 ssh2
May 12 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user p13x
May 12 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11058]: Successful su for rubyman by root
May 12 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11058]: + ??? root:rubyman
May 12 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381395 of user rubyman.
May 12 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11058]: pam_unix(su:session): session closed for user rubyman
May 12 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381395.
May 12 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session closed for user root
May 12 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session closed for user samftp
May 12 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session closed for user root
May 12 21:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Invalid user hello from 27.252.59.193
May 12 21:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: input_userauth_request: invalid user hello [preauth]
May 12 21:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session closed for user p13x
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Invalid user git from 193.32.162.157
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: input_userauth_request: invalid user git [preauth]
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11453]: Successful su for rubyman by root
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11453]: + ??? root:rubyman
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381402 of user rubyman.
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11453]: pam_unix(su:session): session closed for user rubyman
May 12 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381402.
May 12 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed password for invalid user git from 193.32.162.157 port 58854 ssh2
May 12 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8657]: pam_unix(cron:session): session closed for user root
May 12 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Connection closed by 193.32.162.157 port 58854 [preauth]
May 12 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11393]: pam_unix(cron:session): session closed for user samftp
May 12 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: Invalid user account from 193.32.162.157
May 12 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: input_userauth_request: invalid user account [preauth]
May 12 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: Failed password for invalid user account from 193.32.162.157 port 15588 ssh2
May 12 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: Connection closed by 193.32.162.157 port 15588 [preauth]
May 12 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: Invalid user git from 193.32.162.157
May 12 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: input_userauth_request: invalid user git [preauth]
May 12 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session closed for user root
May 12 21:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: Failed password for invalid user git from 193.32.162.157 port 2846 ssh2
May 12 21:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: Connection closed by 193.32.162.157 port 2846 [preauth]
May 12 21:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Invalid user abraham from 193.32.162.157
May 12 21:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: input_userauth_request: invalid user abraham [preauth]
May 12 21:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Failed password for invalid user abraham from 193.32.162.157 port 49858 ssh2
May 12 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Connection closed by 193.32.162.157 port 49858 [preauth]
May 12 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11800]: pam_unix(cron:session): session closed for user p13x
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11862]: Successful su for rubyman by root
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11862]: + ??? root:rubyman
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381403 of user rubyman.
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11862]: pam_unix(su:session): session closed for user rubyman
May 12 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381403.
May 12 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9073]: pam_unix(cron:session): session closed for user root
May 12 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Invalid user zyx from 193.32.162.157
May 12 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: input_userauth_request: invalid user zyx [preauth]
May 12 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11801]: pam_unix(cron:session): session closed for user samftp
May 12 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for invalid user zyx from 193.32.162.157 port 20966 ssh2
May 12 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Connection closed by 193.32.162.157 port 20966 [preauth]
May 12 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session closed for user root
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session closed for user root
May 12 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session closed for user p13x
May 12 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: Successful su for rubyman by root
May 12 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: + ??? root:rubyman
May 12 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381408 of user rubyman.
May 12 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: pam_unix(su:session): session closed for user rubyman
May 12 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381408.
May 12 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session closed for user root
May 12 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session closed for user root
May 12 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session closed for user samftp
May 12 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session closed for user root
May 12 21:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session closed for user p13x
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: Successful su for rubyman by root
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: + ??? root:rubyman
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381414 of user rubyman.
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: pam_unix(su:session): session closed for user rubyman
May 12 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381414.
May 12 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session closed for user root
May 12 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user samftp
May 12 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 21:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Failed password for root from 68.183.81.212 port 44078 ssh2
May 12 21:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Received disconnect from 68.183.81.212 port 44078:11: Bye Bye [preauth]
May 12 21:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Disconnected from 68.183.81.212 port 44078 [preauth]
May 12 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session closed for user root
May 12 21:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Invalid user HELLO from 27.252.59.193
May 12 21:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: input_userauth_request: invalid user HELLO [preauth]
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13026]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13027]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13024]: pam_unix(cron:session): session closed for user p13x
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13091]: Successful su for rubyman by root
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13091]: + ??? root:rubyman
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381417 of user rubyman.
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13091]: pam_unix(su:session): session closed for user rubyman
May 12 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381417.
May 12 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session closed for user root
May 12 21:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13025]: pam_unix(cron:session): session closed for user samftp
May 12 21:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for invalid user HELLO from 27.252.59.193 port 54335 ssh2
May 12 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user root
May 12 21:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Failed password for root from 218.92.0.179 port 28750 ssh2
May 12 21:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 28750 ssh2]
May 12 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13426]: pam_unix(cron:session): session closed for user p13x
May 12 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: Successful su for rubyman by root
May 12 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: + ??? root:rubyman
May 12 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381422 of user rubyman.
May 12 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: pam_unix(su:session): session closed for user rubyman
May 12 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381422.
May 12 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user root
May 12 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Received disconnect from 218.92.0.179 port 28750:11:  [preauth]
May 12 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Disconnected from 218.92.0.179 port 28750 [preauth]
May 12 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session closed for user samftp
May 12 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user root
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session closed for user p13x
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: Successful su for rubyman by root
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: + ??? root:rubyman
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381426 of user rubyman.
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: pam_unix(su:session): session closed for user rubyman
May 12 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381426.
May 12 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session closed for user root
May 12 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session closed for user samftp
May 12 21:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195  user=root
May 12 21:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for root from 14.103.114.195 port 55490 ssh2
May 12 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13027]: pam_unix(cron:session): session closed for user root
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user root
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session closed for user p13x
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: Successful su for rubyman by root
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: + ??? root:rubyman
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381431 of user rubyman.
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: pam_unix(su:session): session closed for user rubyman
May 12 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381431.
May 12 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11802]: pam_unix(cron:session): session closed for user root
May 12 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user root
May 12 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session closed for user samftp
May 12 21:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Invalid user operator from 31.43.192.2
May 12 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: input_userauth_request: invalid user operator [preauth]
May 12 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.43.192.2
May 12 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Failed password for invalid user operator from 31.43.192.2 port 50260 ssh2
May 12 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Connection closed by 31.43.192.2 port 50260 [preauth]
May 12 21:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session closed for user root
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session closed for user p13x
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: Successful su for rubyman by root
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: + ??? root:rubyman
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381435 of user rubyman.
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: pam_unix(su:session): session closed for user rubyman
May 12 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381435.
May 12 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session closed for user root
May 12 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session closed for user samftp
May 12 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session closed for user root
May 12 21:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Failed password for root from 68.183.81.212 port 50184 ssh2
May 12 21:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Received disconnect from 68.183.81.212 port 50184:11: Bye Bye [preauth]
May 12 21:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Disconnected from 68.183.81.212 port 50184 [preauth]
May 12 21:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 21:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Invalid user Hello from 27.252.59.193
May 12 21:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: input_userauth_request: invalid user Hello [preauth]
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): check pass; user unknown
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15191]: pam_unix(cron:session): session closed for user p13x
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15253]: Successful su for rubyman by root
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15253]: + ??? root:rubyman
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381439 of user rubyman.
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15253]: pam_unix(su:session): session closed for user rubyman
May 12 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381439.
May 12 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Failed password for invalid user Hello from 27.252.59.193 port 54543 ssh2
May 12 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user root
May 12 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user samftp
May 12 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session closed for user root
May 12 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15594]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session closed for user p13x
May 12 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15651]: Successful su for rubyman by root
May 12 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15651]: + ??? root:rubyman
May 12 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381444 of user rubyman.
May 12 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15651]: pam_unix(su:session): session closed for user rubyman
May 12 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381444.
May 12 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13026]: pam_unix(cron:session): session closed for user root
May 12 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session closed for user samftp
May 12 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session closed for user root
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user p13x
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: Successful su for rubyman by root
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: + ??? root:rubyman
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381448 of user rubyman.
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: pam_unix(su:session): session closed for user rubyman
May 12 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381448.
May 12 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session closed for user root
May 12 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user samftp
May 12 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user root
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user root
May 12 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user root
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session closed for user p13x
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16472]: Successful su for rubyman by root
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16472]: + ??? root:rubyman
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381454 of user rubyman.
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16472]: pam_unix(su:session): session closed for user rubyman
May 12 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381454.
May 12 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session closed for user root
May 12 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session closed for user root
May 12 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session closed for user samftp
May 12 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session closed for user root
May 12 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16936]: pam_unix(cron:session): session closed for user p13x
May 12 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17012]: Successful su for rubyman by root
May 12 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17012]: + ??? root:rubyman
May 12 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381458 of user rubyman.
May 12 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17012]: pam_unix(su:session): session closed for user rubyman
May 12 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381458.
May 12 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session closed for user root
May 12 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session closed for user samftp
May 12 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user root
May 12 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Invalid user system from 68.183.81.212
May 12 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: input_userauth_request: invalid user system [preauth]
May 12 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Failed password for invalid user system from 68.183.81.212 port 38080 ssh2
May 12 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Received disconnect from 68.183.81.212 port 38080:11: Bye Bye [preauth]
May 12 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Disconnected from 68.183.81.212 port 38080 [preauth]
May 12 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17354]: pam_unix(cron:session): session closed for user p13x
May 12 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: Successful su for rubyman by root
May 12 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: + ??? root:rubyman
May 12 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381463 of user rubyman.
May 12 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: pam_unix(su:session): session closed for user rubyman
May 12 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381463.
May 12 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session closed for user root
May 12 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session closed for user samftp
May 12 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user root
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17802]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17796]: pam_unix(cron:session): session closed for user p13x
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17949]: Successful su for rubyman by root
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17949]: + ??? root:rubyman
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381466 of user rubyman.
May 12 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17949]: pam_unix(su:session): session closed for user rubyman
May 12 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381466.
May 12 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user root
May 12 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17799]: pam_unix(cron:session): session closed for user samftp
May 12 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195  user=root
May 12 22:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Failed password for root from 14.103.114.195 port 43324 ssh2
May 12 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user root
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18301]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18296]: pam_unix(cron:session): session closed for user p13x
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18361]: Successful su for rubyman by root
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18361]: + ??? root:rubyman
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381470 of user rubyman.
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18361]: pam_unix(su:session): session closed for user rubyman
May 12 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381470.
May 12 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15594]: pam_unix(cron:session): session closed for user root
May 12 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18299]: pam_unix(cron:session): session closed for user samftp
May 12 22:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17357]: pam_unix(cron:session): session closed for user root
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session closed for user root
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18701]: pam_unix(cron:session): session closed for user p13x
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18778]: Successful su for rubyman by root
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18778]: + ??? root:rubyman
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381477 of user rubyman.
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18778]: pam_unix(su:session): session closed for user rubyman
May 12 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381477.
May 12 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session closed for user root
May 12 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18703]: pam_unix(cron:session): session closed for user root
May 12 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session closed for user samftp
May 12 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17802]: pam_unix(cron:session): session closed for user root
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session closed for user p13x
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: Successful su for rubyman by root
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: + ??? root:rubyman
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381481 of user rubyman.
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: pam_unix(su:session): session closed for user rubyman
May 12 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381481.
May 12 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user root
May 12 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user samftp
May 12 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18301]: pam_unix(cron:session): session closed for user root
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session closed for user p13x
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19632]: Successful su for rubyman by root
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19632]: + ??? root:rubyman
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381484 of user rubyman.
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19632]: pam_unix(su:session): session closed for user rubyman
May 12 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381484.
May 12 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session closed for user root
May 12 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19561]: pam_unix(cron:session): session closed for user samftp
May 12 22:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Invalid user test2 from 68.183.81.212
May 12 22:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: input_userauth_request: invalid user test2 [preauth]
May 12 22:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Failed password for invalid user test2 from 68.183.81.212 port 56996 ssh2
May 12 22:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Received disconnect from 68.183.81.212 port 56996:11: Bye Bye [preauth]
May 12 22:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Disconnected from 68.183.81.212 port 56996 [preauth]
May 12 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session closed for user root
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19988]: pam_unix(cron:session): session closed for user p13x
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: Successful su for rubyman by root
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: + ??? root:rubyman
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381488 of user rubyman.
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: pam_unix(su:session): session closed for user rubyman
May 12 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381488.
May 12 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session closed for user root
May 12 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19990]: pam_unix(cron:session): session closed for user samftp
May 12 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session closed for user root
May 12 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session closed for user p13x
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20519]: Successful su for rubyman by root
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20519]: + ??? root:rubyman
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381494 of user rubyman.
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20519]: pam_unix(su:session): session closed for user rubyman
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381494.
May 12 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20384]: pam_unix(cron:session): session closed for user root
May 12 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17800]: pam_unix(cron:session): session closed for user root
May 12 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session closed for user samftp
May 12 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session closed for user root
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20907]: pam_unix(cron:session): session closed for user root
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session closed for user p13x
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: Successful su for rubyman by root
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: + ??? root:rubyman
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381498 of user rubyman.
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: pam_unix(su:session): session closed for user rubyman
May 12 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381498.
May 12 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20904]: pam_unix(cron:session): session closed for user root
May 12 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session closed for user root
May 12 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session closed for user samftp
May 12 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19992]: pam_unix(cron:session): session closed for user root
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21369]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21370]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session closed for user p13x
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21433]: Successful su for rubyman by root
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21433]: + ??? root:rubyman
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381505 of user rubyman.
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21433]: pam_unix(su:session): session closed for user rubyman
May 12 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381505.
May 12 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18704]: pam_unix(cron:session): session closed for user root
May 12 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session closed for user samftp
May 12 22:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 22:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: Failed password for root from 50.235.31.47 port 36862 ssh2
May 12 22:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: Connection closed by 50.235.31.47 port 36862 [preauth]
May 12 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20391]: pam_unix(cron:session): session closed for user root
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22110]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session closed for user p13x
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22175]: Successful su for rubyman by root
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22175]: + ??? root:rubyman
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381507 of user rubyman.
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22175]: pam_unix(su:session): session closed for user rubyman
May 12 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381507.
May 12 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session closed for user root
May 12 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session closed for user samftp
May 12 22:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Invalid user suresh from 14.103.114.195
May 12 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: input_userauth_request: invalid user suresh [preauth]
May 12 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195
May 12 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Failed password for invalid user suresh from 14.103.114.195 port 39672 ssh2
May 12 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Received disconnect from 14.103.114.195 port 39672:11: Bye Bye [preauth]
May 12 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Disconnected from 14.103.114.195 port 39672 [preauth]
May 12 22:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20906]: pam_unix(cron:session): session closed for user root
May 12 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Failed password for root from 68.183.81.212 port 35118 ssh2
May 12 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Received disconnect from 68.183.81.212 port 35118:11: Bye Bye [preauth]
May 12 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Disconnected from 68.183.81.212 port 35118 [preauth]
May 12 22:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Invalid user LOOUIS from 27.252.59.193
May 12 22:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: input_userauth_request: invalid user LOOUIS [preauth]
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session closed for user p13x
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: Successful su for rubyman by root
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: + ??? root:rubyman
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381512 of user rubyman.
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: pam_unix(su:session): session closed for user rubyman
May 12 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381512.
May 12 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session closed for user root
May 12 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Failed password for invalid user LOOUIS from 27.252.59.193 port 51000 ssh2
May 12 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session closed for user samftp
May 12 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Invalid user admin from 80.94.95.112
May 12 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: input_userauth_request: invalid user admin [preauth]
May 12 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 22:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for invalid user admin from 80.94.95.112 port 25256 ssh2
May 12 22:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for invalid user admin from 80.94.95.112 port 25256 ssh2
May 12 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for invalid user admin from 80.94.95.112 port 25256 ssh2
May 12 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for invalid user admin from 80.94.95.112 port 25256 ssh2
May 12 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for invalid user admin from 80.94.95.112 port 25256 ssh2
May 12 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Received disconnect from 80.94.95.112 port 25256:11: Bye [preauth]
May 12 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Disconnected from 80.94.95.112 port 25256 [preauth]
May 12 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21370]: pam_unix(cron:session): session closed for user root
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session closed for user p13x
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: Successful su for rubyman by root
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: + ??? root:rubyman
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381516 of user rubyman.
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: pam_unix(su:session): session closed for user rubyman
May 12 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381516.
May 12 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19991]: pam_unix(cron:session): session closed for user root
May 12 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session closed for user samftp
May 12 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Failed password for invalid user LOOUIS from 27.252.59.193 port 51000 ssh2
May 12 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22110]: pam_unix(cron:session): session closed for user root
May 12 22:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Failed password for root from 218.92.0.179 port 62005 ssh2
May 12 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62005 ssh2]
May 12 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Received disconnect from 218.92.0.179 port 62005:11:  [preauth]
May 12 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Disconnected from 218.92.0.179 port 62005 [preauth]
May 12 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session closed for user root
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session closed for user p13x
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23634]: Successful su for rubyman by root
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23634]: + ??? root:rubyman
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381519 of user rubyman.
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23634]: pam_unix(su:session): session closed for user rubyman
May 12 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381519.
May 12 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session closed for user root
May 12 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20390]: pam_unix(cron:session): session closed for user root
May 12 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session closed for user samftp
May 12 22:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user root
May 12 22:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Invalid user LOUISS from 27.252.59.193
May 12 22:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: input_userauth_request: invalid user LOUISS [preauth]
May 12 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24122]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24123]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24120]: pam_unix(cron:session): session closed for user p13x
May 12 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: Successful su for rubyman by root
May 12 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: + ??? root:rubyman
May 12 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381526 of user rubyman.
May 12 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: pam_unix(su:session): session closed for user rubyman
May 12 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381526.
May 12 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20905]: pam_unix(cron:session): session closed for user root
May 12 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24121]: pam_unix(cron:session): session closed for user samftp
May 12 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session closed for user root
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24573]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session closed for user root
May 12 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session closed for user p13x
May 12 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: Successful su for rubyman by root
May 12 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: + ??? root:rubyman
May 12 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381529 of user rubyman.
May 12 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: pam_unix(su:session): session closed for user rubyman
May 12 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381529.
May 12 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21369]: pam_unix(cron:session): session closed for user root
May 12 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session closed for user samftp
May 12 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session closed for user root
May 12 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Failed password for root from 68.183.81.212 port 51844 ssh2
May 12 22:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Received disconnect from 68.183.81.212 port 51844:11: Bye Bye [preauth]
May 12 22:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Disconnected from 68.183.81.212 port 51844 [preauth]
May 12 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Failed password for root from 218.92.0.179 port 41065 ssh2
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session closed for user p13x
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: Successful su for rubyman by root
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: + ??? root:rubyman
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381534 of user rubyman.
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: pam_unix(su:session): session closed for user rubyman
May 12 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381534.
May 12 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Failed password for root from 218.92.0.179 port 41065 ssh2
May 12 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user root
May 12 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Failed password for root from 218.92.0.179 port 41065 ssh2
May 12 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Received disconnect from 218.92.0.179 port 41065:11:  [preauth]
May 12 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Disconnected from 218.92.0.179 port 41065 [preauth]
May 12 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session closed for user samftp
May 12 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: Invalid user LOUIS from 27.252.59.193
May 12 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: Failed password for invalid user LOUIS from 27.252.59.193 port 51905 ssh2
May 12 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24123]: pam_unix(cron:session): session closed for user root
May 12 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Invalid user test from 45.6.188.43
May 12 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: input_userauth_request: invalid user test [preauth]
May 12 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 22:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Failed password for invalid user test from 45.6.188.43 port 42788 ssh2
May 12 22:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Connection closed by 45.6.188.43 port 42788 [preauth]
May 12 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25415]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25417]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25413]: pam_unix(cron:session): session closed for user p13x
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25474]: Successful su for rubyman by root
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25474]: + ??? root:rubyman
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381539 of user rubyman.
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25474]: pam_unix(su:session): session closed for user rubyman
May 12 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381539.
May 12 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session closed for user root
May 12 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25414]: pam_unix(cron:session): session closed for user samftp
May 12 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24573]: pam_unix(cron:session): session closed for user root
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25892]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25895]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25895]: pam_unix(cron:session): session closed for user root
May 12 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25889]: pam_unix(cron:session): session closed for user p13x
May 12 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: Successful su for rubyman by root
May 12 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: + ??? root:rubyman
May 12 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381543 of user rubyman.
May 12 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: pam_unix(su:session): session closed for user rubyman
May 12 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381543.
May 12 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25891]: pam_unix(cron:session): session closed for user root
May 12 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session closed for user root
May 12 22:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25890]: pam_unix(cron:session): session closed for user samftp
May 12 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24993]: pam_unix(cron:session): session closed for user root
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session closed for user p13x
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: Successful su for rubyman by root
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: + ??? root:rubyman
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381548 of user rubyman.
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: pam_unix(su:session): session closed for user rubyman
May 12 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381548.
May 12 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session closed for user root
May 12 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session closed for user samftp
May 12 22:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 218.92.0.179 port 54258 ssh2
May 12 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 218.92.0.179 port 54258 ssh2
May 12 22:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Received disconnect from 218.92.0.179 port 54258:11:  [preauth]
May 12 22:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Disconnected from 218.92.0.179 port 54258 [preauth]
May 12 22:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195  user=root
May 12 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26724]: Failed password for root from 14.103.114.195 port 35920 ssh2
May 12 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26724]: Received disconnect from 14.103.114.195 port 35920:11: Bye Bye [preauth]
May 12 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26724]: Disconnected from 14.103.114.195 port 35920 [preauth]
May 12 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25417]: pam_unix(cron:session): session closed for user root
May 12 22:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May 12 22:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Failed password for root from 218.92.0.215 port 32416 ssh2
May 12 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Invalid user LOUIS from 27.252.59.193
May 12 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26885]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session closed for user p13x
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26982]: Successful su for rubyman by root
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26982]: + ??? root:rubyman
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381552 of user rubyman.
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26982]: pam_unix(su:session): session closed for user rubyman
May 12 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381552.
May 12 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24122]: pam_unix(cron:session): session closed for user root
May 12 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session closed for user samftp
May 12 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25893]: pam_unix(cron:session): session closed for user root
May 12 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Failed none for invalid user LOUIS from 27.252.59.193 port 52155 ssh2
May 12 22:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: Failed password for root from 218.92.0.179 port 45322 ssh2
May 12 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45322 ssh2]
May 12 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: Received disconnect from 218.92.0.179 port 45322:11:  [preauth]
May 12 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: Disconnected from 218.92.0.179 port 45322 [preauth]
May 12 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Invalid user mc from 68.183.81.212
May 12 22:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: input_userauth_request: invalid user mc [preauth]
May 12 22:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Failed password for invalid user mc from 68.183.81.212 port 33416 ssh2
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Received disconnect from 68.183.81.212 port 33416:11: Bye Bye [preauth]
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Disconnected from 68.183.81.212 port 33416 [preauth]
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27450]: pam_unix(cron:session): session closed for user p13x
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: Successful su for rubyman by root
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: + ??? root:rubyman
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381556 of user rubyman.
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: pam_unix(su:session): session closed for user rubyman
May 12 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381556.
May 12 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session closed for user root
May 12 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27451]: pam_unix(cron:session): session closed for user samftp
May 12 22:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Failed password for invalid user LOUIS from 27.252.59.193 port 52155 ssh2
May 12 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session closed for user root
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session closed for user p13x
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27976]: Successful su for rubyman by root
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27976]: + ??? root:rubyman
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381560 of user rubyman.
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27976]: pam_unix(su:session): session closed for user rubyman
May 12 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381560.
May 12 22:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session closed for user root
May 12 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session closed for user samftp
May 12 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session closed for user root
May 12 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May 12 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Failed password for root from 190.103.202.7 port 37438 ssh2
May 12 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Connection closed by 190.103.202.7 port 37438 [preauth]
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session closed for user root
May 12 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28319]: pam_unix(cron:session): session closed for user p13x
May 12 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: Successful su for rubyman by root
May 12 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: + ??? root:rubyman
May 12 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381564 of user rubyman.
May 12 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: pam_unix(su:session): session closed for user rubyman
May 12 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381564.
May 12 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session closed for user root
May 12 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25415]: pam_unix(cron:session): session closed for user root
May 12 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session closed for user samftp
May 12 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session closed for user root
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28764]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session closed for user p13x
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: Successful su for rubyman by root
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: + ??? root:rubyman
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381570 of user rubyman.
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: pam_unix(su:session): session closed for user rubyman
May 12 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381570.
May 12 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25892]: pam_unix(cron:session): session closed for user root
May 12 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28762]: pam_unix(cron:session): session closed for user samftp
May 12 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Failed password for root from 218.92.0.179 port 18398 ssh2
May 12 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18398 ssh2]
May 12 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Received disconnect from 218.92.0.179 port 18398:11:  [preauth]
May 12 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Disconnected from 218.92.0.179 port 18398 [preauth]
May 12 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user root
May 12 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Invalid user LOUIS from 27.252.59.193
May 12 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29279]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29276]: pam_unix(cron:session): session closed for user p13x
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: Successful su for rubyman by root
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: + ??? root:rubyman
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381574 of user rubyman.
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: pam_unix(su:session): session closed for user rubyman
May 12 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381574.
May 12 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session closed for user root
May 12 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29278]: pam_unix(cron:session): session closed for user samftp
May 12 22:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Did not receive identification string from 196.251.114.29
May 12 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Failed password for invalid user LOUIS from 27.252.59.193 port 52372 ssh2
May 12 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session closed for user root
May 12 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29697]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29699]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29695]: pam_unix(cron:session): session closed for user p13x
May 12 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: Successful su for rubyman by root
May 12 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: + ??? root:rubyman
May 12 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381580 of user rubyman.
May 12 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: pam_unix(su:session): session closed for user rubyman
May 12 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381580.
May 12 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26885]: pam_unix(cron:session): session closed for user root
May 12 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29696]: pam_unix(cron:session): session closed for user samftp
May 12 22:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Failed password for root from 68.183.81.212 port 57012 ssh2
May 12 22:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Received disconnect from 68.183.81.212 port 57012:11: Bye Bye [preauth]
May 12 22:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Disconnected from 68.183.81.212 port 57012 [preauth]
May 12 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28764]: pam_unix(cron:session): session closed for user root
May 12 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30103]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30104]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session closed for user p13x
May 12 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30162]: Successful su for rubyman by root
May 12 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30162]: + ??? root:rubyman
May 12 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381582 of user rubyman.
May 12 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30162]: pam_unix(su:session): session closed for user rubyman
May 12 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381582.
May 12 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session closed for user root
May 12 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session closed for user samftp
May 12 22:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: Invalid user abcd from 193.32.162.157
May 12 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: input_userauth_request: invalid user abcd [preauth]
May 12 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 22:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: Failed password for invalid user abcd from 193.32.162.157 port 61100 ssh2
May 12 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30354]: Connection closed by 193.32.162.157 port 61100 [preauth]
May 12 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session closed for user root
May 12 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: Invalid user Louius from 27.252.59.193
May 12 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: input_userauth_request: invalid user Louius [preauth]
May 12 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Invalid user zyx from 193.32.162.157
May 12 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: input_userauth_request: invalid user zyx [preauth]
May 12 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 22:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Failed password for invalid user zyx from 193.32.162.157 port 21190 ssh2
May 12 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Connection closed by 193.32.162.157 port 21190 [preauth]
May 12 22:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: Failed password for invalid user Louius from 27.252.59.193 port 52482 ssh2
May 12 22:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: Invalid user abc1 from 193.32.162.157
May 12 22:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: input_userauth_request: invalid user abc1 [preauth]
May 12 22:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30507]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30510]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30511]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30509]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30511]: pam_unix(cron:session): session closed for user root
May 12 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30505]: pam_unix(cron:session): session closed for user p13x
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30571]: Successful su for rubyman by root
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30571]: + ??? root:rubyman
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381588 of user rubyman.
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30571]: pam_unix(su:session): session closed for user rubyman
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381588.
May 12 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: Failed password for invalid user abc1 from 193.32.162.157 port 54496 ssh2
May 12 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30507]: pam_unix(cron:session): session closed for user root
May 12 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session closed for user root
May 12 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30476]: Connection closed by 193.32.162.157 port 54496 [preauth]
May 12 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30506]: pam_unix(cron:session): session closed for user samftp
May 12 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user zt from 193.32.162.157
May 12 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user zt [preauth]
May 12 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Invalid user mc from 14.103.114.195
May 12 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: input_userauth_request: invalid user mc [preauth]
May 12 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195
May 12 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user zt from 193.32.162.157 port 17380 ssh2
May 12 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Connection closed by 193.32.162.157 port 17380 [preauth]
May 12 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Failed password for invalid user mc from 14.103.114.195 port 37404 ssh2
May 12 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29699]: pam_unix(cron:session): session closed for user root
May 12 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Invalid user abc from 193.32.162.157
May 12 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: input_userauth_request: invalid user abc [preauth]
May 12 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 22:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Failed password for invalid user abc from 193.32.162.157 port 47050 ssh2
May 12 22:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Connection closed by 193.32.162.157 port 47050 [preauth]
May 12 22:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session closed for user p13x
May 12 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31098]: Successful su for rubyman by root
May 12 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31098]: + ??? root:rubyman
May 12 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381592 of user rubyman.
May 12 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31098]: pam_unix(su:session): session closed for user rubyman
May 12 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381592.
May 12 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: Connection closed by 27.252.59.193 port 52482 [preauth]
May 12 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session closed for user root
May 12 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session closed for user samftp
May 12 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Invalid user Loouiis from 27.252.59.193
May 12 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: input_userauth_request: invalid user Loouiis [preauth]
May 12 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user Loouiis from 27.252.59.193 port 52578 ssh2
May 12 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30104]: pam_unix(cron:session): session closed for user root
May 12 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31446]: pam_unix(cron:session): session closed for user p13x
May 12 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31515]: Successful su for rubyman by root
May 12 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31515]: + ??? root:rubyman
May 12 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381598 of user rubyman.
May 12 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31515]: pam_unix(su:session): session closed for user rubyman
May 12 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381598.
May 12 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session closed for user root
May 12 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session closed for user samftp
May 12 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30510]: pam_unix(cron:session): session closed for user root
May 12 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user Loouiis from 27.252.59.193 port 52578 ssh2
May 12 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user p13x
May 12 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: Successful su for rubyman by root
May 12 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: + ??? root:rubyman
May 12 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381602 of user rubyman.
May 12 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: pam_unix(su:session): session closed for user rubyman
May 12 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381602.
May 12 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29279]: pam_unix(cron:session): session closed for user root
May 12 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user samftp
May 12 22:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session closed for user root
May 12 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Failed password for root from 68.183.81.212 port 54080 ssh2
May 12 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Received disconnect from 68.183.81.212 port 54080:11: Bye Bye [preauth]
May 12 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Disconnected from 68.183.81.212 port 54080 [preauth]
May 12 22:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32615]: pam_unix(cron:session): session closed for user p13x
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32764]: Successful su for rubyman by root
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32764]: + ??? root:rubyman
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381604 of user rubyman.
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32764]: pam_unix(su:session): session closed for user rubyman
May 12 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381604.
May 12 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29697]: pam_unix(cron:session): session closed for user root
May 12 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session closed for user samftp
May 12 22:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Invalid user r00t from 193.70.84.184
May 12 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: input_userauth_request: invalid user r00t [preauth]
May 12 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May 12 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Failed password for invalid user r00t from 193.70.84.184 port 54252 ssh2
May 12 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Connection closed by 193.70.84.184 port 54252 [preauth]
May 12 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session closed for user root
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session closed for user root
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session closed for user p13x
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: Successful su for rubyman by root
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: + ??? root:rubyman
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381609 of user rubyman.
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session closed for user rubyman
May 12 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381609.
May 12 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session closed for user root
May 12 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Invalid user LOUIS from 27.252.59.193
May 12 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30103]: pam_unix(cron:session): session closed for user root
May 12 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session closed for user samftp
May 12 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Failed password for invalid user LOUIS from 27.252.59.193 port 52755 ssh2
May 12 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session closed for user root
May 12 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session closed for user p13x
May 12 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1340]: Successful su for rubyman by root
May 12 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1340]: + ??? root:rubyman
May 12 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381616 of user rubyman.
May 12 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1340]: pam_unix(su:session): session closed for user rubyman
May 12 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381616.
May 12 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30509]: pam_unix(cron:session): session closed for user root
May 12 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session closed for user samftp
May 12 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32622]: pam_unix(cron:session): session closed for user root
May 12 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Failed password for root from 218.92.0.179 port 45509 ssh2
May 12 22:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45509 ssh2]
May 12 22:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Received disconnect from 218.92.0.179 port 45509:11:  [preauth]
May 12 22:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Disconnected from 218.92.0.179 port 45509 [preauth]
May 12 22:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1751]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1749]: pam_unix(cron:session): session closed for user p13x
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: Successful su for rubyman by root
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: + ??? root:rubyman
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381620 of user rubyman.
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: pam_unix(su:session): session closed for user rubyman
May 12 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381620.
May 12 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session closed for user root
May 12 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1750]: pam_unix(cron:session): session closed for user samftp
May 12 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Invalid user 7 from 164.68.105.9
May 12 22:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: input_userauth_request: invalid user 7 [preauth]
May 12 22:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 22:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Failed password for invalid user 7 from 164.68.105.9 port 46914 ssh2
May 12 22:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Connection closed by 164.68.105.9 port 46914 [preauth]
May 12 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Invalid user wtq from 190.103.202.7
May 12 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: input_userauth_request: invalid user wtq [preauth]
May 12 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 22:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for invalid user wtq from 190.103.202.7 port 38464 ssh2
May 12 22:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Connection closed by 190.103.202.7 port 38464 [preauth]
May 12 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user root
May 12 22:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2259]: pam_unix(cron:session): session closed for user p13x
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2322]: Successful su for rubyman by root
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2322]: + ??? root:rubyman
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381623 of user rubyman.
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2322]: pam_unix(su:session): session closed for user rubyman
May 12 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381623.
May 12 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session closed for user root
May 12 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2261]: pam_unix(cron:session): session closed for user samftp
May 12 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session closed for user root
May 12 22:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: Invalid user LOUISS from 27.252.59.193
May 12 22:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: input_userauth_request: invalid user LOUISS [preauth]
May 12 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Failed password for root from 68.183.81.212 port 51840 ssh2
May 12 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Received disconnect from 68.183.81.212 port 51840:11: Bye Bye [preauth]
May 12 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Disconnected from 68.183.81.212 port 51840 [preauth]
May 12 22:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: Failed password for invalid user LOUISS from 27.252.59.193 port 52866 ssh2
May 12 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2715]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2713]: pam_unix(cron:session): session closed for user p13x
May 12 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: Successful su for rubyman by root
May 12 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: + ??? root:rubyman
May 12 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381628 of user rubyman.
May 12 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: pam_unix(su:session): session closed for user rubyman
May 12 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381628.
May 12 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session closed for user root
May 12 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user root
May 12 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2714]: pam_unix(cron:session): session closed for user samftp
May 12 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Invalid user system from 14.103.114.195
May 12 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: input_userauth_request: invalid user system [preauth]
May 12 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195
May 12 22:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Failed password for invalid user system from 14.103.114.195 port 38414 ssh2
May 12 22:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Received disconnect from 14.103.114.195 port 38414:11: Bye Bye [preauth]
May 12 22:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Disconnected from 14.103.114.195 port 38414 [preauth]
May 12 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1753]: pam_unix(cron:session): session closed for user root
May 12 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2247]: Failed password for invalid user LOUISS from 27.252.59.193 port 52866 ssh2
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user root
May 12 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3225]: pam_unix(cron:session): session closed for user p13x
May 12 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: Successful su for rubyman by root
May 12 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: + ??? root:rubyman
May 12 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381633 of user rubyman.
May 12 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: pam_unix(su:session): session closed for user rubyman
May 12 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381633.
May 12 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user root
May 12 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session closed for user root
May 12 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session closed for user samftp
May 12 22:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session closed for user root
May 12 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3715]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3714]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3712]: pam_unix(cron:session): session closed for user p13x
May 12 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: Successful su for rubyman by root
May 12 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: + ??? root:rubyman
May 12 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381637 of user rubyman.
May 12 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: pam_unix(su:session): session closed for user rubyman
May 12 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381637.
May 12 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session closed for user root
May 12 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3713]: pam_unix(cron:session): session closed for user samftp
May 12 22:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 12 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4041]: Failed password for root from 50.235.31.47 port 34916 ssh2
May 12 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4041]: Connection closed by 50.235.31.47 port 34916 [preauth]
May 12 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session closed for user root
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4170]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session closed for user p13x
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: Successful su for rubyman by root
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: + ??? root:rubyman
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381641 of user rubyman.
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: pam_unix(su:session): session closed for user rubyman
May 12 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381641.
May 12 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1263]: pam_unix(cron:session): session closed for user root
May 12 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session closed for user samftp
May 12 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user root
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4733]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4734]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session closed for user p13x
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4795]: Successful su for rubyman by root
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4795]: + ??? root:rubyman
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381645 of user rubyman.
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4795]: pam_unix(su:session): session closed for user rubyman
May 12 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381645.
May 12 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1751]: pam_unix(cron:session): session closed for user root
May 12 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session closed for user samftp
May 12 22:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Invalid user LOUIISS from 27.252.59.193
May 12 22:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: input_userauth_request: invalid user LOUIISS [preauth]
May 12 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3715]: pam_unix(cron:session): session closed for user root
May 12 22:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Failed password for invalid user LOUIISS from 27.252.59.193 port 53316 ssh2
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user p13x
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: Successful su for rubyman by root
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: + ??? root:rubyman
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381650 of user rubyman.
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: pam_unix(su:session): session closed for user rubyman
May 12 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381650.
May 12 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session closed for user root
May 12 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user samftp
May 12 22:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: Failed password for root from 68.183.81.212 port 56188 ssh2
May 12 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: Received disconnect from 68.183.81.212 port 56188:11: Bye Bye [preauth]
May 12 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: Disconnected from 68.183.81.212 port 56188 [preauth]
May 12 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Failed password for invalid user LOUIISS from 27.252.59.193 port 53316 ssh2
May 12 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session closed for user root
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5896]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session closed for user root
May 12 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5894]: pam_unix(cron:session): session closed for user p13x
May 12 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: Successful su for rubyman by root
May 12 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: + ??? root:rubyman
May 12 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381655 of user rubyman.
May 12 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: pam_unix(su:session): session closed for user rubyman
May 12 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381655.
May 12 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5896]: pam_unix(cron:session): session closed for user root
May 12 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2715]: pam_unix(cron:session): session closed for user root
May 12 22:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5895]: pam_unix(cron:session): session closed for user samftp
May 12 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Invalid user admin from 80.94.95.112
May 12 22:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: input_userauth_request: invalid user admin [preauth]
May 12 22:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user admin from 80.94.95.112 port 33798 ssh2
May 12 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4734]: pam_unix(cron:session): session closed for user root
May 12 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user admin from 80.94.95.112 port 33798 ssh2
May 12 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user admin from 80.94.95.112 port 33798 ssh2
May 12 22:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user admin from 80.94.95.112 port 33798 ssh2
May 12 22:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user admin from 80.94.95.112 port 33798 ssh2
May 12 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Received disconnect from 80.94.95.112 port 33798:11: Bye [preauth]
May 12 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Disconnected from 80.94.95.112 port 33798 [preauth]
May 12 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6359]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session closed for user p13x
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6425]: Successful su for rubyman by root
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6425]: + ??? root:rubyman
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381659 of user rubyman.
May 12 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6425]: pam_unix(su:session): session closed for user rubyman
May 12 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381659.
May 12 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session closed for user root
May 12 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session closed for user samftp
May 12 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user root
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session closed for user p13x
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: Successful su for rubyman by root
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: + ??? root:rubyman
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381664 of user rubyman.
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session closed for user rubyman
May 12 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381664.
May 12 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3714]: pam_unix(cron:session): session closed for user root
May 12 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session closed for user samftp
May 12 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: Invalid user LOUIS from 27.252.59.193
May 12 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: Failed password for invalid user LOUIS from 27.252.59.193 port 53491 ssh2
May 12 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session closed for user root
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7292]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session closed for user p13x
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7348]: Successful su for rubyman by root
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7348]: + ??? root:rubyman
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381668 of user rubyman.
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7348]: pam_unix(su:session): session closed for user rubyman
May 12 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381668.
May 12 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4170]: pam_unix(cron:session): session closed for user root
May 12 22:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session closed for user samftp
May 12 22:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7111]: Connection closed by 27.252.59.193 port 53491 [preauth]
May 12 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195  user=root
May 12 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Failed password for root from 14.103.114.195 port 58880 ssh2
May 12 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Received disconnect from 14.103.114.195 port 58880:11: Bye Bye [preauth]
May 12 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Disconnected from 14.103.114.195 port 58880 [preauth]
May 12 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Failed password for root from 80.94.95.15 port 9219 ssh2
May 12 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6360]: pam_unix(cron:session): session closed for user root
May 12 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Failed password for root from 80.94.95.15 port 9219 ssh2
May 12 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: message repeated 3 times: [ Failed password for root from 80.94.95.15 port 9219 ssh2]
May 12 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Received disconnect from 80.94.95.15 port 9219:11: Bye [preauth]
May 12 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Disconnected from 80.94.95.15 port 9219 [preauth]
May 12 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 12 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session closed for user p13x
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: Successful su for rubyman by root
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: + ??? root:rubyman
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381672 of user rubyman.
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: pam_unix(su:session): session closed for user rubyman
May 12 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381672.
May 12 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4733]: pam_unix(cron:session): session closed for user root
May 12 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session closed for user samftp
May 12 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session closed for user root
May 12 22:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Invalid user eda from 68.183.81.212
May 12 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: input_userauth_request: invalid user eda [preauth]
May 12 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Failed password for invalid user eda from 68.183.81.212 port 37898 ssh2
May 12 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Received disconnect from 68.183.81.212 port 37898:11: Bye Bye [preauth]
May 12 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Disconnected from 68.183.81.212 port 37898 [preauth]
May 12 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Failed password for root from 218.92.0.179 port 43825 ssh2
May 12 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 43825 ssh2]
May 12 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Received disconnect from 218.92.0.179 port 43825:11:  [preauth]
May 12 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Disconnected from 218.92.0.179 port 43825 [preauth]
May 12 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: Invalid user LOUIS from 27.252.59.193
May 12 22:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8251]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8252]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session closed for user root
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8248]: pam_unix(cron:session): session closed for user p13x
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: Successful su for rubyman by root
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: + ??? root:rubyman
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381679 of user rubyman.
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: pam_unix(su:session): session closed for user rubyman
May 12 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381679.
May 12 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8250]: pam_unix(cron:session): session closed for user root
May 12 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user root
May 12 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8249]: pam_unix(cron:session): session closed for user samftp
May 12 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: Failed password for invalid user LOUIS from 27.252.59.193 port 53664 ssh2
May 12 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7293]: pam_unix(cron:session): session closed for user root
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8711]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session closed for user p13x
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8778]: Successful su for rubyman by root
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8778]: + ??? root:rubyman
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381682 of user rubyman.
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8778]: pam_unix(su:session): session closed for user rubyman
May 12 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381682.
May 12 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5897]: pam_unix(cron:session): session closed for user root
May 12 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session closed for user samftp
May 12 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7814]: pam_unix(cron:session): session closed for user root
May 12 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session closed for user p13x
May 12 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9299]: Successful su for rubyman by root
May 12 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9299]: + ??? root:rubyman
May 12 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381687 of user rubyman.
May 12 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9299]: pam_unix(su:session): session closed for user rubyman
May 12 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381687.
May 12 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6359]: pam_unix(cron:session): session closed for user root
May 12 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session closed for user samftp
May 12 22:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Invalid user LOUIS from 27.252.59.193
May 12 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: input_userauth_request: invalid user LOUIS [preauth]
May 12 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Failed password for invalid user LOUIS from 27.252.59.193 port 53771 ssh2
May 12 22:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8252]: pam_unix(cron:session): session closed for user root
May 12 22:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9642]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session closed for user p13x
May 12 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9703]: Successful su for rubyman by root
May 12 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9703]: + ??? root:rubyman
May 12 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381689 of user rubyman.
May 12 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9703]: pam_unix(su:session): session closed for user rubyman
May 12 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381689.
May 12 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session closed for user root
May 12 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session closed for user samftp
May 12 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8711]: pam_unix(cron:session): session closed for user root
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session closed for user p13x
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10110]: Successful su for rubyman by root
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10110]: + ??? root:rubyman
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381694 of user rubyman.
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10110]: pam_unix(su:session): session closed for user rubyman
May 12 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381694.
May 12 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7292]: pam_unix(cron:session): session closed for user root
May 12 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10042]: pam_unix(cron:session): session closed for user samftp
May 12 22:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Failed password for root from 218.92.0.179 port 22949 ssh2
May 12 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Failed password for root from 218.92.0.179 port 22949 ssh2
May 12 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session closed for user root
May 12 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Failed password for root from 218.92.0.179 port 22949 ssh2
May 12 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Received disconnect from 218.92.0.179 port 22949:11:  [preauth]
May 12 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Disconnected from 218.92.0.179 port 22949 [preauth]
May 12 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 22:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for root from 68.183.81.212 port 33670 ssh2
May 12 22:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Received disconnect from 68.183.81.212 port 33670:11: Bye Bye [preauth]
May 12 22:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Disconnected from 68.183.81.212 port 33670 [preauth]
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10561]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10560]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10563]: pam_unix(cron:session): session closed for user root
May 12 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10557]: pam_unix(cron:session): session closed for user p13x
May 12 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10648]: Successful su for rubyman by root
May 12 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10648]: + ??? root:rubyman
May 12 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381698 of user rubyman.
May 12 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10648]: pam_unix(su:session): session closed for user rubyman
May 12 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381698.
May 12 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10560]: pam_unix(cron:session): session closed for user root
May 12 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7813]: pam_unix(cron:session): session closed for user root
May 12 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10559]: pam_unix(cron:session): session closed for user samftp
May 12 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Invalid user LOUUSS from 27.252.59.193
May 12 22:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: input_userauth_request: invalid user LOUUSS [preauth]
May 12 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9642]: pam_unix(cron:session): session closed for user root
May 12 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for invalid user LOUUSS from 27.252.59.193 port 53915 ssh2
May 12 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for root from 218.92.0.179 port 33431 ssh2
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session closed for user p13x
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11115]: Successful su for rubyman by root
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11115]: + ??? root:rubyman
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381704 of user rubyman.
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11115]: pam_unix(su:session): session closed for user rubyman
May 12 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381704.
May 12 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for root from 218.92.0.179 port 33431 ssh2
May 12 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8251]: pam_unix(cron:session): session closed for user root
May 12 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for root from 218.92.0.179 port 33431 ssh2
May 12 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Received disconnect from 218.92.0.179 port 33431:11:  [preauth]
May 12 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Disconnected from 218.92.0.179 port 33431 [preauth]
May 12 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session closed for user samftp
May 12 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for invalid user LOUUSS from 27.252.59.193 port 53915 ssh2
May 12 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: dispatch_protocol_error: type 90 seq 10 [preauth]
May 12 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Received disconnect from 27.252.59.193 port 53915:2: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet [preauth]
May 12 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Disconnected from 27.252.59.193 port 53915 [preauth]
May 12 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10044]: pam_unix(cron:session): session closed for user root
May 12 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Invalid user louiiiss from 27.252.59.193
May 12 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: input_userauth_request: invalid user louiiiss [preauth]
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session closed for user p13x
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: Successful su for rubyman by root
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: + ??? root:rubyman
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381708 of user rubyman.
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11513]: pam_unix(su:session): session closed for user rubyman
May 12 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381708.
May 12 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session closed for user root
May 12 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session closed for user samftp
May 12 22:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: pam_unix(sshd:auth): check pass; user unknown
May 12 22:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.59.193
May 12 22:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Failed password for invalid user louiiiss from 27.252.59.193 port 53957 ssh2
May 12 22:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.195  user=root
May 12 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10562]: pam_unix(cron:session): session closed for user root
May 12 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: Failed password for root from 14.103.114.195 port 43396 ssh2
May 12 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Connection closed by 27.252.59.193 port 53957 [preauth]
May 12 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11858]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session closed for user p13x
May 12 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: Successful su for rubyman by root
May 12 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: + ??? root:rubyman
May 12 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381712 of user rubyman.
May 12 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: pam_unix(su:session): session closed for user rubyman
May 12 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381712.
May 12 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session closed for user root
May 12 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11856]: pam_unix(cron:session): session closed for user samftp
May 12 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session closed for user root
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12242]: pam_unix(cron:session): session closed for user p13x
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12315]: Successful su for rubyman by root
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12315]: + ??? root:rubyman
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381715 of user rubyman.
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12315]: pam_unix(su:session): session closed for user rubyman
May 12 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381715.
May 12 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session closed for user root
May 12 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12243]: pam_unix(cron:session): session closed for user samftp
May 12 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Failed password for root from 218.92.0.179 port 31327 ssh2
May 12 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31327 ssh2]
May 12 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Received disconnect from 218.92.0.179 port 31327:11:  [preauth]
May 12 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Disconnected from 218.92.0.179 port 31327 [preauth]
May 12 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session closed for user root
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12649]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12650]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session closed for user root
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12650]: pam_unix(cron:session): session closed for user root
May 12 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session closed for user p13x
May 12 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12740]: Successful su for rubyman by root
May 12 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12740]: + ??? root:rubyman
May 12 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381722 of user rubyman.
May 12 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12740]: pam_unix(su:session): session closed for user rubyman
May 12 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381722.
May 12 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10043]: pam_unix(cron:session): session closed for user root
May 12 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user root
May 12 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212  user=root
May 12 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Failed password for root from 68.183.81.212 port 35306 ssh2
May 12 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user samftp
May 12 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Received disconnect from 68.183.81.212 port 35306:11: Bye Bye [preauth]
May 12 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Disconnected from 68.183.81.212 port 35306 [preauth]
May 12 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11858]: pam_unix(cron:session): session closed for user root
May 12 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13140]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13141]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session closed for user p13x
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: Successful su for rubyman by root
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: + ??? root:rubyman
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381727 of user rubyman.
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: pam_unix(su:session): session closed for user rubyman
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381727.
May 12 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Failed password for root from 218.92.0.179 port 52519 ssh2
May 12 23:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Failed password for root from 218.92.0.179 port 52519 ssh2
May 12 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10561]: pam_unix(cron:session): session closed for user root
May 12 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13139]: pam_unix(cron:session): session closed for user samftp
May 12 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Failed password for root from 218.92.0.179 port 52519 ssh2
May 12 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12245]: pam_unix(cron:session): session closed for user root
May 12 23:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Did not receive identification string from 193.32.162.185
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session closed for user p13x
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: Successful su for rubyman by root
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: + ??? root:rubyman
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381730 of user rubyman.
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: pam_unix(su:session): session closed for user rubyman
May 12 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381730.
May 12 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session closed for user root
May 12 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session closed for user samftp
May 12 23:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12649]: pam_unix(cron:session): session closed for user root
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session closed for user p13x
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14115]: Successful su for rubyman by root
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14115]: + ??? root:rubyman
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381736 of user rubyman.
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14115]: pam_unix(su:session): session closed for user rubyman
May 12 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381736.
May 12 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session closed for user root
May 12 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session closed for user samftp
May 12 23:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13141]: pam_unix(cron:session): session closed for user root
May 12 23:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Invalid user vipin from 122.176.122.24
May 12 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: input_userauth_request: invalid user vipin [preauth]
May 12 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session closed for user p13x
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: Successful su for rubyman by root
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: + ??? root:rubyman
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381741 of user rubyman.
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: pam_unix(su:session): session closed for user rubyman
May 12 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381741.
May 12 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Failed password for invalid user vipin from 122.176.122.24 port 36382 ssh2
May 12 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Received disconnect from 122.176.122.24 port 36382:11: Bye Bye [preauth]
May 12 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Disconnected from 122.176.122.24 port 36382 [preauth]
May 12 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11857]: pam_unix(cron:session): session closed for user root
May 12 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session closed for user samftp
May 12 23:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: Received disconnect from 218.92.0.179 port 35106:11:  [preauth]
May 12 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: Disconnected from 218.92.0.179 port 35106 [preauth]
May 12 23:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session closed for user root
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14867]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14866]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user root
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14864]: pam_unix(cron:session): session closed for user p13x
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: Successful su for rubyman by root
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: + ??? root:rubyman
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381744 of user rubyman.
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: pam_unix(su:session): session closed for user rubyman
May 12 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381744.
May 12 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12244]: pam_unix(cron:session): session closed for user root
May 12 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14866]: pam_unix(cron:session): session closed for user root
May 12 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14865]: pam_unix(cron:session): session closed for user samftp
May 12 23:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Failed password for root from 218.92.0.179 port 24447 ssh2
May 12 23:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Failed password for root from 218.92.0.179 port 24447 ssh2
May 12 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Invalid user virtual from 68.183.81.212
May 12 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: input_userauth_request: invalid user virtual [preauth]
May 12 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Failed password for root from 218.92.0.179 port 24447 ssh2
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Failed password for invalid user virtual from 68.183.81.212 port 45146 ssh2
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Received disconnect from 218.92.0.179 port 24447:11:  [preauth]
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Disconnected from 218.92.0.179 port 24447 [preauth]
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Received disconnect from 68.183.81.212 port 45146:11: Bye Bye [preauth]
May 12 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Disconnected from 68.183.81.212 port 45146 [preauth]
May 12 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session closed for user root
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user p13x
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15374]: Successful su for rubyman by root
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15374]: + ??? root:rubyman
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381751 of user rubyman.
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15374]: pam_unix(su:session): session closed for user rubyman
May 12 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381751.
May 12 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session closed for user root
May 12 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session closed for user samftp
May 12 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session closed for user root
May 12 23:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15715]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session closed for user p13x
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15774]: Successful su for rubyman by root
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15774]: + ??? root:rubyman
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381754 of user rubyman.
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15774]: pam_unix(su:session): session closed for user rubyman
May 12 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381754.
May 12 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13140]: pam_unix(cron:session): session closed for user root
May 12 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session closed for user samftp
May 12 23:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user root
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session closed for user p13x
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16166]: Successful su for rubyman by root
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16166]: + ??? root:rubyman
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381757 of user rubyman.
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16166]: pam_unix(su:session): session closed for user rubyman
May 12 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381757.
May 12 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session closed for user root
May 12 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session closed for user samftp
May 12 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user root
May 12 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user p13x
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: Successful su for rubyman by root
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: + ??? root:rubyman
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381761 of user rubyman.
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: pam_unix(su:session): session closed for user rubyman
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381761.
May 12 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May 12 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session closed for user root
May 12 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user samftp
May 12 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Connection reset by 218.92.0.179 port 54864 [preauth]
May 12 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15715]: pam_unix(cron:session): session closed for user root
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session closed for user root
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user p13x
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: Successful su for rubyman by root
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: + ??? root:rubyman
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381766 of user rubyman.
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: pam_unix(su:session): session closed for user rubyman
May 12 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381766.
May 12 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session closed for user root
May 12 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session closed for user root
May 12 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session closed for user samftp
May 12 23:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Failed password for root from 218.92.0.179 port 53704 ssh2
May 12 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 53704 ssh2]
May 12 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Received disconnect from 218.92.0.179 port 53704:11:  [preauth]
May 12 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Disconnected from 218.92.0.179 port 53704 [preauth]
May 12 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16109]: pam_unix(cron:session): session closed for user root
May 12 23:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Invalid user myuser from 68.183.81.212
May 12 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: input_userauth_request: invalid user myuser [preauth]
May 12 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.81.212
May 12 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Failed password for invalid user myuser from 68.183.81.212 port 45238 ssh2
May 12 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Received disconnect from 68.183.81.212 port 45238:11: Bye Bye [preauth]
May 12 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Disconnected from 68.183.81.212 port 45238 [preauth]
May 12 23:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Invalid user ubuntu from 34.85.163.94
May 12 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: input_userauth_request: invalid user ubuntu [preauth]
May 12 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Failed password for invalid user ubuntu from 34.85.163.94 port 49816 ssh2
May 12 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Received disconnect from 34.85.163.94 port 49816:11: Bye Bye [preauth]
May 12 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Disconnected from 34.85.163.94 port 49816 [preauth]
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session closed for user p13x
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17585]: Successful su for rubyman by root
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17585]: + ??? root:rubyman
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381772 of user rubyman.
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17585]: pam_unix(su:session): session closed for user rubyman
May 12 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381772.
May 12 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14867]: pam_unix(cron:session): session closed for user root
May 12 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session closed for user samftp
May 12 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session closed for user root
May 12 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session closed for user p13x
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18119]: Successful su for rubyman by root
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18119]: + ??? root:rubyman
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381777 of user rubyman.
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18119]: pam_unix(su:session): session closed for user rubyman
May 12 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381777.
May 12 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user root
May 12 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user samftp
May 12 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session closed for user root
May 12 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18466]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session closed for user p13x
May 12 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: Successful su for rubyman by root
May 12 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: + ??? root:rubyman
May 12 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381779 of user rubyman.
May 12 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: pam_unix(su:session): session closed for user rubyman
May 12 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381779.
May 12 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session closed for user root
May 12 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session closed for user samftp
May 12 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session closed for user root
May 12 23:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: Invalid user ethereum from 193.32.162.157
May 12 23:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: input_userauth_request: invalid user ethereum [preauth]
May 12 23:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: Failed password for invalid user ethereum from 193.32.162.157 port 38990 ssh2
May 12 23:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: Connection closed by 193.32.162.157 port 38990 [preauth]
May 12 23:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18873]: pam_unix(cron:session): session closed for user p13x
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: Successful su for rubyman by root
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: + ??? root:rubyman
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381786 of user rubyman.
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: pam_unix(su:session): session closed for user rubyman
May 12 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381786.
May 12 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16108]: pam_unix(cron:session): session closed for user root
May 12 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Invalid user aaron from 193.32.162.157
May 12 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: input_userauth_request: invalid user aaron [preauth]
May 12 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18874]: pam_unix(cron:session): session closed for user samftp
May 12 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for invalid user aaron from 193.32.162.157 port 12482 ssh2
May 12 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Connection closed by 193.32.162.157 port 12482 [preauth]
May 12 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: Invalid user monero from 193.32.162.157
May 12 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: input_userauth_request: invalid user monero [preauth]
May 12 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: Failed password for invalid user monero from 193.32.162.157 port 27016 ssh2
May 12 23:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19132]: Connection closed by 193.32.162.157 port 27016 [preauth]
May 12 23:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session closed for user root
May 12 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Invalid user bbb from 193.32.162.157
May 12 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: input_userauth_request: invalid user bbb [preauth]
May 12 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Failed password for invalid user bbb from 193.32.162.157 port 64606 ssh2
May 12 23:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Failed password for root from 218.92.0.179 port 52048 ssh2
May 12 23:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Failed password for root from 218.92.0.179 port 52048 ssh2
May 12 23:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Connection closed by 193.32.162.157 port 64606 [preauth]
May 12 23:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Failed password for root from 218.92.0.179 port 52048 ssh2
May 12 23:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Received disconnect from 218.92.0.179 port 52048:11:  [preauth]
May 12 23:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Disconnected from 218.92.0.179 port 52048 [preauth]
May 12 23:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: Invalid user kubernetes from 193.32.162.157
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: input_userauth_request: invalid user kubernetes [preauth]
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19289]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19288]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user root
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session closed for user p13x
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: Successful su for rubyman by root
May 12 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: + ??? root:rubyman
May 12 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381790 of user rubyman.
May 12 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: pam_unix(su:session): session closed for user rubyman
May 12 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381790.
May 12 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: Failed password for invalid user kubernetes from 193.32.162.157 port 59666 ssh2
May 12 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19288]: pam_unix(cron:session): session closed for user root
May 12 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Invalid user webmaster from 45.6.188.43
May 12 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: input_userauth_request: invalid user webmaster [preauth]
May 12 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 12 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user root
May 12 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19265]: Connection closed by 193.32.162.157 port 59666 [preauth]
May 12 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session closed for user samftp
May 12 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Failed password for invalid user webmaster from 45.6.188.43 port 41896 ssh2
May 12 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Connection closed by 45.6.188.43 port 41896 [preauth]
May 12 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18466]: pam_unix(cron:session): session closed for user root
May 12 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19693]: Invalid user  from 143.47.106.2
May 12 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19693]: input_userauth_request: invalid user  [preauth]
May 12 23:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19693]: Connection closed by 143.47.106.2 port 37760 [preauth]
May 12 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19755]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19753]: pam_unix(cron:session): session closed for user p13x
May 12 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19819]: Successful su for rubyman by root
May 12 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19819]: + ??? root:rubyman
May 12 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381793 of user rubyman.
May 12 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19819]: pam_unix(su:session): session closed for user rubyman
May 12 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381793.
May 12 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session closed for user root
May 12 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19754]: pam_unix(cron:session): session closed for user samftp
May 12 23:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24  user=root
May 12 23:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for root from 122.176.122.24 port 38084 ssh2
May 12 23:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Received disconnect from 122.176.122.24 port 38084:11: Bye Bye [preauth]
May 12 23:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Disconnected from 122.176.122.24 port 38084 [preauth]
May 12 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session closed for user root
May 12 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Failed password for root from 218.92.0.179 port 12594 ssh2
May 12 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12594 ssh2]
May 12 23:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Received disconnect from 218.92.0.179 port 12594:11:  [preauth]
May 12 23:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Disconnected from 218.92.0.179 port 12594 [preauth]
May 12 23:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20179]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session closed for user root
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20175]: pam_unix(cron:session): session closed for user p13x
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: Successful su for rubyman by root
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: + ??? root:rubyman
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381798 of user rubyman.
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: pam_unix(su:session): session closed for user rubyman
May 12 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381798.
May 12 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17513]: pam_unix(cron:session): session closed for user root
May 12 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session closed for user samftp
May 12 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session closed for user root
May 12 23:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Invalid user admin from 80.94.95.112
May 12 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: input_userauth_request: invalid user admin [preauth]
May 12 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user admin from 80.94.95.112 port 15493 ssh2
May 12 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user admin from 80.94.95.112 port 15493 ssh2
May 12 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user admin from 80.94.95.112 port 15493 ssh2
May 12 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user admin from 80.94.95.112 port 15493 ssh2
May 12 23:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user admin from 80.94.95.112 port 15493 ssh2
May 12 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Received disconnect from 80.94.95.112 port 15493:11: Bye [preauth]
May 12 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Disconnected from 80.94.95.112 port 15493 [preauth]
May 12 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session closed for user p13x
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20642]: Successful su for rubyman by root
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20642]: + ??? root:rubyman
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381803 of user rubyman.
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20642]: pam_unix(su:session): session closed for user rubyman
May 12 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381803.
May 12 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user root
May 12 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session closed for user samftp
May 12 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19756]: pam_unix(cron:session): session closed for user root
May 12 23:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Invalid user fermin from 34.85.163.94
May 12 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: input_userauth_request: invalid user fermin [preauth]
May 12 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Failed password for invalid user fermin from 34.85.163.94 port 33042 ssh2
May 12 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Received disconnect from 34.85.163.94 port 33042:11: Bye Bye [preauth]
May 12 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Disconnected from 34.85.163.94 port 33042 [preauth]
May 12 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20999]: pam_unix(cron:session): session closed for user p13x
May 12 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21062]: Successful su for rubyman by root
May 12 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21062]: + ??? root:rubyman
May 12 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381808 of user rubyman.
May 12 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21062]: pam_unix(su:session): session closed for user rubyman
May 12 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381808.
May 12 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session closed for user root
May 12 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session closed for user samftp
May 12 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20179]: pam_unix(cron:session): session closed for user root
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21441]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21442]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21442]: pam_unix(cron:session): session closed for user root
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session closed for user p13x
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21509]: Successful su for rubyman by root
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21509]: + ??? root:rubyman
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381814 of user rubyman.
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21509]: pam_unix(su:session): session closed for user rubyman
May 12 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381814.
May 12 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21439]: pam_unix(cron:session): session closed for user root
May 12 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session closed for user root
May 12 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21438]: pam_unix(cron:session): session closed for user samftp
May 12 23:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Invalid user patrick from 190.103.202.7
May 12 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: input_userauth_request: invalid user patrick [preauth]
May 12 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 12 23:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Failed password for invalid user patrick from 190.103.202.7 port 47914 ssh2
May 12 23:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Connection closed by 190.103.202.7 port 47914 [preauth]
May 12 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session closed for user root
May 12 23:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22205]: pam_unix(cron:session): session closed for user p13x
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22297]: Successful su for rubyman by root
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22297]: + ??? root:rubyman
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381818 of user rubyman.
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22297]: pam_unix(su:session): session closed for user rubyman
May 12 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381818.
May 12 23:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19289]: pam_unix(cron:session): session closed for user root
May 12 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session closed for user samftp
May 12 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Invalid user pi from 143.47.106.2
May 12 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: input_userauth_request: invalid user pi [preauth]
May 12 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2
May 12 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Failed password for root from 218.92.0.179 port 19530 ssh2
May 12 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Received disconnect from 218.92.0.179 port 19530:11:  [preauth]
May 12 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Disconnected from 218.92.0.179 port 19530 [preauth]
May 12 23:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Failed password for invalid user pi from 143.47.106.2 port 39818 ssh2
May 12 23:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Connection closed by 143.47.106.2 port 39818 [preauth]
May 12 23:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: Invalid user flask from 143.47.106.2
May 12 23:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: input_userauth_request: invalid user flask [preauth]
May 12 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2
May 12 23:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: Failed password for invalid user flask from 143.47.106.2 port 45756 ssh2
May 12 23:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22564]: Connection closed by 143.47.106.2 port 45756 [preauth]
May 12 23:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May 12 23:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: Failed password for root from 124.198.59.254 port 57846 ssh2
May 12 23:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: Connection closed by 124.198.59.254 port 57846 [preauth]
May 12 23:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session closed for user root
May 12 23:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Invalid user storage from 122.176.122.24
May 12 23:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: input_userauth_request: invalid user storage [preauth]
May 12 23:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user storage from 122.176.122.24 port 45546 ssh2
May 12 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Received disconnect from 122.176.122.24 port 45546:11: Bye Bye [preauth]
May 12 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Disconnected from 122.176.122.24 port 45546 [preauth]
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22702]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22699]: pam_unix(cron:session): session closed for user p13x
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22769]: Successful su for rubyman by root
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22769]: + ??? root:rubyman
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381821 of user rubyman.
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22769]: pam_unix(su:session): session closed for user rubyman
May 12 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381821.
May 12 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19755]: pam_unix(cron:session): session closed for user root
May 12 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session closed for user samftp
May 12 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21441]: pam_unix(cron:session): session closed for user root
May 12 23:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Failed password for root from 218.92.0.179 port 36821 ssh2
May 12 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36821 ssh2]
May 12 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Received disconnect from 218.92.0.179 port 36821:11:  [preauth]
May 12 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Disconnected from 218.92.0.179 port 36821 [preauth]
May 12 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23171]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session closed for user p13x
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: Successful su for rubyman by root
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: + ??? root:rubyman
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381826 of user rubyman.
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: pam_unix(su:session): session closed for user rubyman
May 12 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381826.
May 12 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session closed for user root
May 12 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23170]: pam_unix(cron:session): session closed for user samftp
May 12 23:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2  user=root
May 12 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for root from 143.47.106.2 port 36694 ssh2
May 12 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Invalid user pi from 143.47.106.2
May 12 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: input_userauth_request: invalid user pi [preauth]
May 12 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Connection closed by 143.47.106.2 port 36694 [preauth]
May 12 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2
May 12 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Failed password for invalid user pi from 143.47.106.2 port 58988 ssh2
May 12 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Connection closed by 143.47.106.2 port 58988 [preauth]
May 12 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Invalid user fastuser from 143.47.106.2
May 12 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: input_userauth_request: invalid user fastuser [preauth]
May 12 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2
May 12 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Failed password for invalid user fastuser from 143.47.106.2 port 42632 ssh2
May 12 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Connection closed by 143.47.106.2 port 42632 [preauth]
May 12 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session closed for user root
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23679]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session closed for user p13x
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: Successful su for rubyman by root
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: + ??? root:rubyman
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381830 of user rubyman.
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: pam_unix(su:session): session closed for user rubyman
May 12 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381830.
May 12 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session closed for user root
May 12 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session closed for user samftp
May 12 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Invalid user b1 from 34.85.163.94
May 12 23:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: input_userauth_request: invalid user b1 [preauth]
May 12 23:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Failed password for invalid user b1 from 34.85.163.94 port 43054 ssh2
May 12 23:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Received disconnect from 34.85.163.94 port 43054:11: Bye Bye [preauth]
May 12 23:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Disconnected from 34.85.163.94 port 43054 [preauth]
May 12 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22702]: pam_unix(cron:session): session closed for user root
May 12 23:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24210]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24211]: pam_unix(cron:session): session closed for user root
May 12 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session closed for user p13x
May 12 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: Successful su for rubyman by root
May 12 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: + ??? root:rubyman
May 12 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381836 of user rubyman.
May 12 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: pam_unix(su:session): session closed for user rubyman
May 12 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381836.
May 12 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Failed password for root from 164.68.105.9 port 33674 ssh2
May 12 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Connection closed by 164.68.105.9 port 33674 [preauth]
May 12 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session closed for user root
May 12 23:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session closed for user root
May 12 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session closed for user samftp
May 12 23:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Invalid user wang from 143.47.106.2
May 12 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: input_userauth_request: invalid user wang [preauth]
May 12 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session closed for user root
May 12 23:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2
May 12 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: Invalid user awsgui from 143.47.106.2
May 12 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: input_userauth_request: invalid user awsgui [preauth]
May 12 23:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2
May 12 23:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Failed password for invalid user wang from 143.47.106.2 port 45444 ssh2
May 12 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Connection closed by 143.47.106.2 port 45444 [preauth]
May 12 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: Failed password for invalid user awsgui from 143.47.106.2 port 39506 ssh2
May 12 23:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24588]: Connection closed by 143.47.106.2 port 39506 [preauth]
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session closed for user p13x
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: Successful su for rubyman by root
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: + ??? root:rubyman
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381840 of user rubyman.
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: pam_unix(su:session): session closed for user rubyman
May 12 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381840.
May 12 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21440]: pam_unix(cron:session): session closed for user root
May 12 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session closed for user samftp
May 12 23:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: User ftp from 143.47.106.2 not allowed because not listed in AllowUsers
May 12 23:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: input_userauth_request: invalid user ftp [preauth]
May 12 23:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.47.106.2  user=ftp
May 12 23:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for invalid user ftp from 143.47.106.2 port 52842 ssh2
May 12 23:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Connection closed by 143.47.106.2 port 52842 [preauth]
May 12 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session closed for user root
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25099]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session closed for user p13x
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25161]: Successful su for rubyman by root
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25161]: + ??? root:rubyman
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381842 of user rubyman.
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25161]: pam_unix(su:session): session closed for user rubyman
May 12 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381842.
May 12 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session closed for user root
May 12 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user samftp
May 12 23:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: Failed password for root from 218.92.0.179 port 47271 ssh2
May 12 23:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 47271 ssh2]
May 12 23:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: Received disconnect from 218.92.0.179 port 47271:11:  [preauth]
May 12 23:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: Disconnected from 218.92.0.179 port 47271 [preauth]
May 12 23:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25369]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: Invalid user t1 from 122.176.122.24
May 12 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: input_userauth_request: invalid user t1 [preauth]
May 12 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: Failed password for invalid user t1 from 122.176.122.24 port 53006 ssh2
May 12 23:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: Received disconnect from 122.176.122.24 port 53006:11: Bye Bye [preauth]
May 12 23:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25423]: Disconnected from 122.176.122.24 port 53006 [preauth]
May 12 23:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24210]: pam_unix(cron:session): session closed for user root
May 12 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25508]: pam_unix(cron:session): session closed for user p13x
May 12 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: Successful su for rubyman by root
May 12 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: + ??? root:rubyman
May 12 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381848 of user rubyman.
May 12 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: pam_unix(su:session): session closed for user rubyman
May 12 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381848.
May 12 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session closed for user root
May 12 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25509]: pam_unix(cron:session): session closed for user samftp
May 12 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user root
May 12 23:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Received disconnect from 218.92.0.179 port 13490:11:  [preauth]
May 12 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Disconnected from 218.92.0.179 port 13490 [preauth]
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26014]: pam_unix(cron:session): session closed for user p13x
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: Successful su for rubyman by root
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: + ??? root:rubyman
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381851 of user rubyman.
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: pam_unix(su:session): session closed for user rubyman
May 12 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381851.
May 12 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23171]: pam_unix(cron:session): session closed for user root
May 12 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26015]: pam_unix(cron:session): session closed for user samftp
May 12 23:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May 12 23:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: Failed password for root from 193.70.84.184 port 51584 ssh2
May 12 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25099]: pam_unix(cron:session): session closed for user root
May 12 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: Connection closed by 193.70.84.184 port 51584 [preauth]
May 12 23:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: Invalid user mep from 34.85.163.94
May 12 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: input_userauth_request: invalid user mep [preauth]
May 12 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: Failed password for invalid user mep from 34.85.163.94 port 33396 ssh2
May 12 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: Received disconnect from 34.85.163.94 port 33396:11: Bye Bye [preauth]
May 12 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26415]: Disconnected from 34.85.163.94 port 33396 [preauth]
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session closed for user root
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26438]: pam_unix(cron:session): session closed for user p13x
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: Successful su for rubyman by root
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: + ??? root:rubyman
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381854 of user rubyman.
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: pam_unix(su:session): session closed for user rubyman
May 12 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381854.
May 12 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26440]: pam_unix(cron:session): session closed for user root
May 12 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23679]: pam_unix(cron:session): session closed for user root
May 12 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26439]: pam_unix(cron:session): session closed for user samftp
May 12 23:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Failed password for root from 218.92.0.179 port 42648 ssh2
May 12 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42648 ssh2]
May 12 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Received disconnect from 218.92.0.179 port 42648:11:  [preauth]
May 12 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Disconnected from 218.92.0.179 port 42648 [preauth]
May 12 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session closed for user root
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session closed for user p13x
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: Successful su for rubyman by root
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: + ??? root:rubyman
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381862 of user rubyman.
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: pam_unix(su:session): session closed for user rubyman
May 12 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381862.
May 12 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session closed for user samftp
May 12 23:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session closed for user root
May 12 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user root
May 12 23:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session closed for user p13x
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: Successful su for rubyman by root
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: + ??? root:rubyman
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381866 of user rubyman.
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session closed for user rubyman
May 12 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381866.
May 12 23:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session closed for user root
May 12 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session closed for user samftp
May 12 23:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session closed for user root
May 12 23:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Invalid user aron from 122.176.122.24
May 12 23:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: input_userauth_request: invalid user aron [preauth]
May 12 23:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Failed password for invalid user aron from 122.176.122.24 port 60464 ssh2
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Received disconnect from 122.176.122.24 port 60464:11: Bye Bye [preauth]
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Disconnected from 122.176.122.24 port 60464 [preauth]
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session closed for user p13x
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28084]: Successful su for rubyman by root
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28084]: + ??? root:rubyman
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381869 of user rubyman.
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28084]: pam_unix(su:session): session closed for user rubyman
May 12 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381869.
May 12 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user root
May 12 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Failed password for root from 218.92.0.179 port 52398 ssh2
May 12 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user samftp
May 12 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Failed password for root from 218.92.0.179 port 52398 ssh2
May 12 23:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Failed password for root from 218.92.0.179 port 52398 ssh2
May 12 23:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Received disconnect from 218.92.0.179 port 52398:11:  [preauth]
May 12 23:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Disconnected from 218.92.0.179 port 52398 [preauth]
May 12 23:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27514]: Connection reset by 218.92.0.179 port 30408 [preauth]
May 12 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session closed for user root
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28433]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session closed for user p13x
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: Successful su for rubyman by root
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: + ??? root:rubyman
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381872 of user rubyman.
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: pam_unix(su:session): session closed for user rubyman
May 12 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381872.
May 12 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session closed for user root
May 12 23:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session closed for user samftp
May 12 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session closed for user root
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session closed for user root
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user p13x
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: Successful su for rubyman by root
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: + ??? root:rubyman
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381876 of user rubyman.
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: pam_unix(su:session): session closed for user rubyman
May 12 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381876.
May 12 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session closed for user root
May 12 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May 12 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user samftp
May 12 23:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Invalid user jai from 34.85.163.94
May 12 23:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: input_userauth_request: invalid user jai [preauth]
May 12 23:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Failed password for invalid user jai from 34.85.163.94 port 50998 ssh2
May 12 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Received disconnect from 34.85.163.94 port 50998:11: Bye Bye [preauth]
May 12 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Disconnected from 34.85.163.94 port 50998 [preauth]
May 12 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session closed for user root
May 12 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session closed for user p13x
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: Successful su for rubyman by root
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: + ??? root:rubyman
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381882 of user rubyman.
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session closed for user rubyman
May 12 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381882.
May 12 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session closed for user root
May 12 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user samftp
May 12 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28433]: pam_unix(cron:session): session closed for user root
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session closed for user p13x
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: Successful su for rubyman by root
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: + ??? root:rubyman
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381887 of user rubyman.
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: pam_unix(su:session): session closed for user rubyman
May 12 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381887.
May 12 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session closed for user root
May 12 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session closed for user samftp
May 12 23:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session closed for user root
May 12 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30203]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30202]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session closed for user p13x
May 12 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: Successful su for rubyman by root
May 12 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: + ??? root:rubyman
May 12 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381890 of user rubyman.
May 12 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: pam_unix(su:session): session closed for user rubyman
May 12 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381890.
May 12 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session closed for user root
May 12 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session closed for user samftp
May 12 23:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Invalid user admin from 122.176.122.24
May 12 23:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: input_userauth_request: invalid user admin [preauth]
May 12 23:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Failed password for invalid user admin from 122.176.122.24 port 39694 ssh2
May 12 23:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Received disconnect from 122.176.122.24 port 39694:11: Bye Bye [preauth]
May 12 23:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Disconnected from 122.176.122.24 port 39694 [preauth]
May 12 23:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session closed for user root
May 12 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session closed for user p13x
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: Successful su for rubyman by root
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: + ??? root:rubyman
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381895 of user rubyman.
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: pam_unix(su:session): session closed for user rubyman
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381895.
May 12 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30593]: pam_unix(cron:session): session closed for user root
May 12 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28021]: pam_unix(cron:session): session closed for user root
May 12 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session closed for user samftp
May 12 23:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user root
May 12 23:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session closed for user root
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user p13x
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: Successful su for rubyman by root
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: + ??? root:rubyman
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381904 of user rubyman.
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: pam_unix(su:session): session closed for user rubyman
May 12 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381904.
May 12 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session closed for user root
May 12 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session closed for user root
May 12 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session closed for user samftp
May 12 23:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Invalid user ciuser from 50.235.31.47
May 12 23:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: input_userauth_request: invalid user ciuser [preauth]
May 12 23:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May 12 23:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Failed password for invalid user ciuser from 50.235.31.47 port 54656 ssh2
May 12 23:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Connection closed by 50.235.31.47 port 54656 [preauth]
May 12 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30203]: pam_unix(cron:session): session closed for user root
May 12 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31621]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31619]: pam_unix(cron:session): session closed for user p13x
May 12 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: Successful su for rubyman by root
May 12 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: + ??? root:rubyman
May 12 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381906 of user rubyman.
May 12 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: pam_unix(su:session): session closed for user rubyman
May 12 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381906.
May 12 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session closed for user root
May 12 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Invalid user alex from 34.85.163.94
May 12 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: input_userauth_request: invalid user alex [preauth]
May 12 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31620]: pam_unix(cron:session): session closed for user samftp
May 12 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Failed password for invalid user alex from 34.85.163.94 port 50316 ssh2
May 12 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Received disconnect from 34.85.163.94 port 50316:11: Bye Bye [preauth]
May 12 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Disconnected from 34.85.163.94 port 50316 [preauth]
May 12 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session closed for user root
May 12 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user p13x
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32425]: Successful su for rubyman by root
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32425]: + ??? root:rubyman
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381909 of user rubyman.
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32425]: pam_unix(su:session): session closed for user rubyman
May 12 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381909.
May 12 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user root
May 12 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user samftp
May 12 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session closed for user root
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session closed for user p13x
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[557]: Successful su for rubyman by root
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[557]: + ??? root:rubyman
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381916 of user rubyman.
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[557]: pam_unix(su:session): session closed for user rubyman
May 12 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381916.
May 12 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session closed for user root
May 12 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session closed for user samftp
May 12 23:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Failed password for root from 218.92.0.179 port 21540 ssh2
May 12 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 21540 ssh2]
May 12 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Received disconnect from 218.92.0.179 port 21540:11:  [preauth]
May 12 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Disconnected from 218.92.0.179 port 21540 [preauth]
May 12 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31622]: pam_unix(cron:session): session closed for user root
May 12 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[952]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user p13x
May 12 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: Successful su for rubyman by root
May 12 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: + ??? root:rubyman
May 12 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381917 of user rubyman.
May 12 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: pam_unix(su:session): session closed for user rubyman
May 12 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381917.
May 12 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Invalid user mep from 122.176.122.24
May 12 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: input_userauth_request: invalid user mep [preauth]
May 12 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30202]: pam_unix(cron:session): session closed for user root
May 12 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for invalid user mep from 122.176.122.24 port 47164 ssh2
May 12 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Received disconnect from 122.176.122.24 port 47164:11: Bye Bye [preauth]
May 12 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Disconnected from 122.176.122.24 port 47164 [preauth]
May 12 23:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session closed for user samftp
May 12 23:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Invalid user ali from 164.68.105.9
May 12 23:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: input_userauth_request: invalid user ali [preauth]
May 12 23:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 12 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Failed password for invalid user ali from 164.68.105.9 port 37666 ssh2
May 12 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Connection closed by 164.68.105.9 port 37666 [preauth]
May 12 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user root
May 12 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1440]: pam_unix(cron:session): session closed for user root
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session closed for user p13x
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1518]: Successful su for rubyman by root
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1518]: + ??? root:rubyman
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381924 of user rubyman.
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1518]: pam_unix(su:session): session closed for user rubyman
May 12 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381924.
May 12 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user root
May 12 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session closed for user root
May 12 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session closed for user samftp
May 12 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session closed for user root
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session closed for user p13x
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2087]: Successful su for rubyman by root
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2087]: + ??? root:rubyman
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381927 of user rubyman.
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2087]: pam_unix(su:session): session closed for user rubyman
May 12 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381927.
May 12 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session closed for user root
May 12 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2019]: pam_unix(cron:session): session closed for user samftp
May 12 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for root from 218.92.0.179 port 32860 ssh2
May 12 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for root from 218.92.0.179 port 32860 ssh2
May 12 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[952]: pam_unix(cron:session): session closed for user root
May 12 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for root from 218.92.0.179 port 32860 ssh2
May 12 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Received disconnect from 218.92.0.179 port 32860:11:  [preauth]
May 12 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Disconnected from 218.92.0.179 port 32860 [preauth]
May 12 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Invalid user hadoop from 34.85.163.94
May 12 23:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: input_userauth_request: invalid user hadoop [preauth]
May 12 23:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Failed password for invalid user hadoop from 34.85.163.94 port 53668 ssh2
May 12 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Received disconnect from 34.85.163.94 port 53668:11: Bye Bye [preauth]
May 12 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Disconnected from 34.85.163.94 port 53668 [preauth]
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session closed for user p13x
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: Successful su for rubyman by root
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: + ??? root:rubyman
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381932 of user rubyman.
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: pam_unix(su:session): session closed for user rubyman
May 12 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381932.
May 12 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31621]: pam_unix(cron:session): session closed for user root
May 12 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session closed for user samftp
May 12 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: Bad protocol version identification 'GET / HTTP/1.1' from 198.211.106.189 port 51584
May 12 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1439]: pam_unix(cron:session): session closed for user root
May 12 23:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session closed for user p13x
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2963]: Successful su for rubyman by root
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2963]: + ??? root:rubyman
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381937 of user rubyman.
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2963]: pam_unix(su:session): session closed for user rubyman
May 12 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381937.
May 12 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session closed for user root
May 12 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session closed for user samftp
May 12 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session closed for user root
May 12 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session closed for user p13x
May 12 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: Successful su for rubyman by root
May 12 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: + ??? root:rubyman
May 12 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381939 of user rubyman.
May 12 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: pam_unix(su:session): session closed for user rubyman
May 12 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381939.
May 12 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session closed for user root
May 12 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session closed for user samftp
May 12 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Failed password for root from 218.92.0.179 port 41339 ssh2
May 12 23:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41339 ssh2]
May 12 23:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Received disconnect from 218.92.0.179 port 41339:11:  [preauth]
May 12 23:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Disconnected from 218.92.0.179 port 41339 [preauth]
May 12 23:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user root
May 12 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: Invalid user pc from 122.176.122.24
May 12 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: input_userauth_request: invalid user pc [preauth]
May 12 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: Failed password for invalid user pc from 122.176.122.24 port 54626 ssh2
May 12 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: Received disconnect from 122.176.122.24 port 54626:11: Bye Bye [preauth]
May 12 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3723]: Disconnected from 122.176.122.24 port 54626 [preauth]
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session closed for user root
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3768]: pam_unix(cron:session): session closed for user p13x
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3836]: Successful su for rubyman by root
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3836]: + ??? root:rubyman
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381945 of user rubyman.
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3836]: pam_unix(su:session): session closed for user rubyman
May 12 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381945.
May 12 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session closed for user root
May 12 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session closed for user root
May 12 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Invalid user admin from 80.94.95.112
May 12 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: input_userauth_request: invalid user admin [preauth]
May 12 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session closed for user samftp
May 12 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user admin from 80.94.95.112 port 24697 ssh2
May 12 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user admin from 80.94.95.112 port 24697 ssh2
May 12 23:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user admin from 80.94.95.112 port 24697 ssh2
May 12 23:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user admin from 80.94.95.112 port 24697 ssh2
May 12 23:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user admin from 80.94.95.112 port 24697 ssh2
May 12 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Received disconnect from 80.94.95.112 port 24697:11: Bye [preauth]
May 12 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Disconnected from 80.94.95.112 port 24697 [preauth]
May 12 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 12 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: PAM service(sshd) ignoring max retries; 5 > 3
May 12 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2901]: pam_unix(cron:session): session closed for user root
May 12 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4270]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4269]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session closed for user p13x
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: Successful su for rubyman by root
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: + ??? root:rubyman
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381949 of user rubyman.
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: pam_unix(su:session): session closed for user rubyman
May 12 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381949.
May 12 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user root
May 12 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session closed for user samftp
May 12 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session closed for user root
May 12 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4826]: pam_unix(cron:session): session closed for user p13x
May 12 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4894]: Successful su for rubyman by root
May 12 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4894]: + ??? root:rubyman
May 12 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381956 of user rubyman.
May 12 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4894]: pam_unix(su:session): session closed for user rubyman
May 12 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381956.
May 12 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session closed for user root
May 12 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session closed for user samftp
May 12 23:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Failed password for root from 218.92.0.179 port 47469 ssh2
May 12 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Failed password for root from 218.92.0.179 port 47469 ssh2
May 12 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Invalid user admin from 34.85.163.94
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: input_userauth_request: invalid user admin [preauth]
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Failed password for root from 218.92.0.179 port 47469 ssh2
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Received disconnect from 218.92.0.179 port 47469:11:  [preauth]
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Disconnected from 218.92.0.179 port 47469 [preauth]
May 12 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Failed password for invalid user admin from 34.85.163.94 port 48252 ssh2
May 12 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Received disconnect from 34.85.163.94 port 48252:11: Bye Bye [preauth]
May 12 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Disconnected from 34.85.163.94 port 48252 [preauth]
May 12 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session closed for user root
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session closed for user p13x
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: Successful su for rubyman by root
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: + ??? root:rubyman
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381958 of user rubyman.
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: pam_unix(su:session): session closed for user rubyman
May 12 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381958.
May 12 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session closed for user root
May 12 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user samftp
May 12 23:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75  user=root
May 12 23:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Failed password for root from 137.184.82.75 port 60132 ssh2
May 12 23:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Connection closed by 137.184.82.75 port 60132 [preauth]
May 12 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4270]: pam_unix(cron:session): session closed for user root
May 12 23:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Received disconnect from 218.92.0.179 port 46302:11:  [preauth]
May 12 23:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Disconnected from 218.92.0.179 port 46302 [preauth]
May 12 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user p13x
May 12 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: Successful su for rubyman by root
May 12 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: + ??? root:rubyman
May 12 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381962 of user rubyman.
May 12 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: pam_unix(su:session): session closed for user rubyman
May 12 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381962.
May 12 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session closed for user root
May 12 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user samftp
May 12 23:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user root
May 12 23:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user root
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user p13x
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: Successful su for rubyman by root
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: + ??? root:rubyman
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381968 of user rubyman.
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: pam_unix(su:session): session closed for user rubyman
May 12 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381968.
May 12 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user root
May 12 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session closed for user root
May 12 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user samftp
May 12 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Invalid user ubuntu from 122.176.122.24
May 12 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: input_userauth_request: invalid user ubuntu [preauth]
May 12 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 12 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for invalid user ubuntu from 122.176.122.24 port 33836 ssh2
May 12 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Received disconnect from 122.176.122.24 port 33836:11: Bye Bye [preauth]
May 12 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Disconnected from 122.176.122.24 port 33836 [preauth]
May 12 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Failed password for root from 218.92.0.179 port 63928 ssh2
May 12 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63928 ssh2]
May 12 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Received disconnect from 218.92.0.179 port 63928:11:  [preauth]
May 12 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Disconnected from 218.92.0.179 port 63928 [preauth]
May 12 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user root
May 12 23:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 12 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Failed password for root from 2.228.25.92 port 32790 ssh2
May 12 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Received disconnect from 2.228.25.92 port 32790:11: Bye Bye [preauth]
May 12 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Disconnected from 2.228.25.92 port 32790 [preauth]
May 12 23:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75  user=root
May 12 23:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for root from 137.184.82.75 port 38620 ssh2
May 12 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Connection closed by 137.184.82.75 port 38620 [preauth]
May 12 23:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Invalid user pi from 137.184.82.75
May 12 23:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: input_userauth_request: invalid user pi [preauth]
May 12 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session closed for user p13x
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: Successful su for rubyman by root
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: + ??? root:rubyman
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381971 of user rubyman.
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: pam_unix(su:session): session closed for user rubyman
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381971.
May 12 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session closed for user root
May 12 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75
May 12 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6857]: pam_unix(cron:session): session closed for user samftp
May 12 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Failed password for invalid user pi from 137.184.82.75 port 38634 ssh2
May 12 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Invalid user hive from 137.184.82.75
May 12 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: input_userauth_request: invalid user hive [preauth]
May 12 23:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Connection closed by 137.184.82.75 port 38634 [preauth]
May 12 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75
May 12 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Invalid user git from 137.184.82.75
May 12 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: input_userauth_request: invalid user git [preauth]
May 12 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for invalid user hive from 137.184.82.75 port 41228 ssh2
May 12 23:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: Invalid user wang from 137.184.82.75
May 12 23:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: input_userauth_request: invalid user wang [preauth]
May 12 23:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75
May 12 23:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Connection closed by 137.184.82.75 port 41228 [preauth]
May 12 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Invalid user nginx from 137.184.82.75
May 12 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: input_userauth_request: invalid user nginx [preauth]
May 12 23:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user git from 137.184.82.75 port 41236 ssh2
May 12 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75
May 12 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: Invalid user mongo from 137.184.82.75
May 12 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: input_userauth_request: invalid user mongo [preauth]
May 12 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: Failed password for invalid user wang from 137.184.82.75 port 41246 ssh2
May 12 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.82.75
May 12 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Connection closed by 137.184.82.75 port 41236 [preauth]
May 12 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: Invalid user user from 137.184.82.75
May 12 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: input_userauth_request: invalid user user [preauth]
May 12 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Failed password for invalid user nginx from 137.184.82.75 port 41260 ssh2
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: Connection reset by 137.184.82.75 port 56476 [preauth]
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: Connection reset by 137.184.82.75 port 56464 [preauth]
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Connection reset by 137.184.82.75 port 41260 [preauth]
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7063]: Connection reset by 137.184.82.75 port 41246 [preauth]
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Connection reset by 137.184.82.75 port 55364 [preauth]
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Did not receive identification string from 137.184.82.75
May 12 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Connection reset by 137.184.82.75 port 55356 [preauth]
May 12 23:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user root
May 12 23:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Failed password for root from 218.92.0.179 port 39462 ssh2
May 12 23:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39462 ssh2]
May 12 23:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Received disconnect from 218.92.0.179 port 39462:11:  [preauth]
May 12 23:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Disconnected from 218.92.0.179 port 39462 [preauth]
May 12 23:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 12 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7405]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7403]: pam_unix(cron:session): session closed for user p13x
May 12 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7466]: Successful su for rubyman by root
May 12 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7466]: + ??? root:rubyman
May 12 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381975 of user rubyman.
May 12 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7466]: pam_unix(su:session): session closed for user rubyman
May 12 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381975.
May 12 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4269]: pam_unix(cron:session): session closed for user root
May 12 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session closed for user samftp
May 12 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user root
May 12 23:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Invalid user aron from 34.85.163.94
May 12 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: input_userauth_request: invalid user aron [preauth]
May 12 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 12 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Failed password for invalid user aron from 34.85.163.94 port 46472 ssh2
May 12 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Received disconnect from 34.85.163.94 port 46472:11: Bye Bye [preauth]
May 12 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Disconnected from 34.85.163.94 port 46472 [preauth]
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7932]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session closed for user p13x
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: Successful su for rubyman by root
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: + ??? root:rubyman
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381979 of user rubyman.
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: pam_unix(su:session): session closed for user rubyman
May 12 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381979.
May 12 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user root
May 12 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7929]: pam_unix(cron:session): session closed for user samftp
May 12 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: Invalid user aaaa from 193.32.162.157
May 12 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: input_userauth_request: invalid user aaaa [preauth]
May 12 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: Failed password for invalid user aaaa from 193.32.162.157 port 33138 ssh2
May 12 23:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: Connection closed by 193.32.162.157 port 33138 [preauth]
May 12 23:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user root
May 12 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Invalid user kubeadmin from 193.32.162.157
May 12 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: input_userauth_request: invalid user kubeadmin [preauth]
May 12 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Failed password for invalid user kubeadmin from 193.32.162.157 port 61952 ssh2
May 12 23:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Connection closed by 193.32.162.157 port 61952 [preauth]
May 12 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Invalid user aa from 193.32.162.157
May 12 23:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: input_userauth_request: invalid user aa [preauth]
May 12 23:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 12 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 12 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8362]: pam_unix(cron:session): session closed for user p13x
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Failed password for invalid user aa from 193.32.162.157 port 54892 ssh2
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8428]: Successful su for rubyman by root
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8428]: + ??? root:rubyman
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381984 of user rubyman.
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8428]: pam_unix(su:session): session closed for user rubyman
May 12 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381984.
May 12 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session closed for user root
May 12 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Connection closed by 193.32.162.157 port 54892 [preauth]
May 12 23:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session closed for user samftp
May 12 23:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Invalid user adm from 193.32.162.157
May 12 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: input_userauth_request: invalid user adm [preauth]
May 12 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): check pass; user unknown
May 12 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
May 12 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for invalid user adm from 193.32.162.157 port 35092 ssh2
May 12 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 193.32.162.157 port 35092 [preauth]
May 12 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session closed for user root
May 12 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 12 23:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8828]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8826]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8827]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8824]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8825]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8828]: pam_unix(cron:session): session closed for user root
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8824]: pam_unix(cron:session): session closed for user root
May 13 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8822]: pam_unix(cron:session): session closed for user p13x
May 13 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: Successful su for rubyman by root
May 13 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: + ??? root:rubyman
May 13 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381989 of user rubyman.
May 13 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: pam_unix(su:session): session closed for user rubyman
May 13 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381989.
May 13 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Invalid user hhhh from 213.139.50.178
May 13 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: input_userauth_request: invalid user hhhh [preauth]
May 13 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user root
May 13 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8825]: pam_unix(cron:session): session closed for user root
May 13 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.139.50.178
May 13 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8823]: pam_unix(cron:session): session closed for user samftp
May 13 00:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Failed password for invalid user hhhh from 213.139.50.178 port 65312 ssh2
May 13 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Invalid user zhangke from 80.249.146.240
May 13 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: input_userauth_request: invalid user zhangke [preauth]
May 13 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Failed password for invalid user zhangke from 80.249.146.240 port 54702 ssh2
May 13 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Received disconnect from 80.249.146.240 port 54702:11: Bye Bye [preauth]
May 13 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Disconnected from 80.249.146.240 port 54702 [preauth]
May 13 00:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: Connection closed by 213.139.50.178 port 53121 [preauth]
May 13 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7932]: pam_unix(cron:session): session closed for user root
May 13 00:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Connection closed by 213.139.50.178 port 50116 [preauth]
May 13 00:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Connection closed by 213.139.50.178 port 51212 [preauth]
May 13 00:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8811]: Connection closed by 213.139.50.178 port 55707 [preauth]
May 13 00:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: Connection closed by 213.139.50.178 port 52586 [preauth]
May 13 00:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Connection closed by 213.139.50.178 port 50974 [preauth]
May 13 00:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Connection closed by 213.139.50.178 port 52450 [preauth]
May 13 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Connection closed by 213.139.50.178 port 65312 [preauth]
May 13 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Connection closed by 213.139.50.178 port 52162 [preauth]
May 13 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9332]: Connection closed by 213.139.50.178 port 50571 [preauth]
May 13 00:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Connection closed by 213.139.50.178 port 51864 [preauth]
May 13 00:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Connection closed by 213.139.50.178 port 53254 [preauth]
May 13 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Invalid user ce from 2.228.25.92
May 13 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: input_userauth_request: invalid user ce [preauth]
May 13 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Failed password for invalid user ce from 2.228.25.92 port 41692 ssh2
May 13 00:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Received disconnect from 2.228.25.92 port 41692:11: Bye Bye [preauth]
May 13 00:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Disconnected from 2.228.25.92 port 41692 [preauth]
May 13 00:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 213.139.50.178 port 54076 [preauth]
May 13 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Connection closed by 213.139.50.178 port 51281 [preauth]
May 13 00:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8688]: Connection closed by 213.139.50.178 port 53192 [preauth]
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session closed for user root
May 13 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9474]: pam_unix(cron:session): session closed for user p13x
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9544]: Successful su for rubyman by root
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9544]: + ??? root:rubyman
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381995 of user rubyman.
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9544]: pam_unix(su:session): session closed for user rubyman
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381995.
May 13 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: Connection closed by 213.139.50.178 port 53326 [preauth]
May 13 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user root
May 13 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9475]: pam_unix(cron:session): session closed for user samftp
May 13 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Connection closed by 213.139.50.178 port 51856 [preauth]
May 13 00:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Failed password for root from 218.92.0.179 port 58679 ssh2
May 13 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 58679 ssh2]
May 13 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Received disconnect from 218.92.0.179 port 58679:11:  [preauth]
May 13 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Disconnected from 218.92.0.179 port 58679 [preauth]
May 13 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session closed for user root
May 13 00:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: Connection closed by 213.139.50.178 port 52590 [preauth]
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9886]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9885]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9883]: pam_unix(cron:session): session closed for user p13x
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: Successful su for rubyman by root
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: + ??? root:rubyman
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 381999 of user rubyman.
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: pam_unix(su:session): session closed for user rubyman
May 13 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 381999.
May 13 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user root
May 13 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9884]: pam_unix(cron:session): session closed for user samftp
May 13 00:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Invalid user zlz from 180.184.134.158
May 13 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: input_userauth_request: invalid user zlz [preauth]
May 13 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.134.158
May 13 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Failed password for invalid user zlz from 180.184.134.158 port 33314 ssh2
May 13 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Received disconnect from 180.184.134.158 port 33314:11: Bye Bye [preauth]
May 13 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Disconnected from 180.184.134.158 port 33314 [preauth]
May 13 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Did not receive identification string from 176.65.148.235
May 13 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Did not receive identification string from 176.65.148.235
May 13 00:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: Did not receive identification string from 176.65.148.235
May 13 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8827]: pam_unix(cron:session): session closed for user root
May 13 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10193]: Did not receive identification string from 176.65.148.235
May 13 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Did not receive identification string from 176.65.148.235
May 13 00:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Did not receive identification string from 176.65.148.235
May 13 00:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Failed password for root from 218.92.0.179 port 46899 ssh2
May 13 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Failed password for root from 218.92.0.179 port 46899 ssh2
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session closed for user p13x
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10453]: Successful su for rubyman by root
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10453]: + ??? root:rubyman
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382004 of user rubyman.
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10453]: pam_unix(su:session): session closed for user rubyman
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382004.
May 13 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Failed password for root from 218.92.0.179 port 46899 ssh2
May 13 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7405]: pam_unix(cron:session): session closed for user root
May 13 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session closed for user samftp
May 13 00:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: Invalid user vaibhav from 34.85.163.94
May 13 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: input_userauth_request: invalid user vaibhav [preauth]
May 13 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: Failed password for invalid user vaibhav from 34.85.163.94 port 60256 ssh2
May 13 00:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: Received disconnect from 34.85.163.94 port 60256:11: Bye Bye [preauth]
May 13 00:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10762]: Disconnected from 34.85.163.94 port 60256 [preauth]
May 13 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session closed for user root
May 13 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10859]: pam_unix(cron:session): session closed for user p13x
May 13 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: Successful su for rubyman by root
May 13 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: + ??? root:rubyman
May 13 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382007 of user rubyman.
May 13 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: pam_unix(su:session): session closed for user rubyman
May 13 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382007.
May 13 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session closed for user root
May 13 00:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10860]: pam_unix(cron:session): session closed for user samftp
May 13 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: Connection closed by 213.139.50.178 port 51401 [preauth]
May 13 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9886]: pam_unix(cron:session): session closed for user root
May 13 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11255]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session closed for user root
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11252]: pam_unix(cron:session): session closed for user p13x
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: Successful su for rubyman by root
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: + ??? root:rubyman
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382014 of user rubyman.
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: pam_unix(su:session): session closed for user rubyman
May 13 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382014.
May 13 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user root
May 13 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session closed for user root
May 13 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user samftp
May 13 00:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Invalid user i from 2.228.25.92
May 13 00:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: input_userauth_request: invalid user i [preauth]
May 13 00:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Failed password for invalid user i from 2.228.25.92 port 49208 ssh2
May 13 00:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Received disconnect from 2.228.25.92 port 49208:11: Bye Bye [preauth]
May 13 00:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Disconnected from 2.228.25.92 port 49208 [preauth]
May 13 00:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240  user=root
May 13 00:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: Failed password for root from 80.249.146.240 port 59030 ssh2
May 13 00:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: Received disconnect from 80.249.146.240 port 59030:11: Bye Bye [preauth]
May 13 00:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: Disconnected from 80.249.146.240 port 59030 [preauth]
May 13 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user root
May 13 00:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Failed password for root from 218.92.0.179 port 49133 ssh2
May 13 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49133 ssh2]
May 13 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Received disconnect from 218.92.0.179 port 49133:11:  [preauth]
May 13 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Disconnected from 218.92.0.179 port 49133 [preauth]
May 13 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session closed for user p13x
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11763]: Successful su for rubyman by root
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11763]: + ??? root:rubyman
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382018 of user rubyman.
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11763]: pam_unix(su:session): session closed for user rubyman
May 13 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382018.
May 13 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8826]: pam_unix(cron:session): session closed for user root
May 13 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session closed for user samftp
May 13 00:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Invalid user jai from 122.176.122.24
May 13 00:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: input_userauth_request: invalid user jai [preauth]
May 13 00:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Failed password for invalid user jai from 122.176.122.24 port 48712 ssh2
May 13 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Received disconnect from 122.176.122.24 port 48712:11: Bye Bye [preauth]
May 13 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Disconnected from 122.176.122.24 port 48712 [preauth]
May 13 00:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user root
May 13 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user p13x
May 13 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12150]: Successful su for rubyman by root
May 13 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12150]: + ??? root:rubyman
May 13 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382022 of user rubyman.
May 13 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12150]: pam_unix(su:session): session closed for user rubyman
May 13 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382022.
May 13 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session closed for user root
May 13 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session closed for user samftp
May 13 00:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user root
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session closed for user p13x
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: Successful su for rubyman by root
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: + ??? root:rubyman
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382027 of user rubyman.
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: pam_unix(su:session): session closed for user rubyman
May 13 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382027.
May 13 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9885]: pam_unix(cron:session): session closed for user root
May 13 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user samftp
May 13 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session closed for user root
May 13 00:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12887]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12882]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session closed for user p13x
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: Successful su for rubyman by root
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: + ??? root:rubyman
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382029 of user rubyman.
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: pam_unix(su:session): session closed for user rubyman
May 13 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382029.
May 13 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12882]: pam_unix(cron:session): session closed for user root
May 13 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session closed for user root
May 13 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94  user=root
May 13 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session closed for user samftp
May 13 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13200]: Failed password for root from 34.85.163.94 port 42918 ssh2
May 13 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13200]: Received disconnect from 34.85.163.94 port 42918:11: Bye Bye [preauth]
May 13 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13200]: Disconnected from 34.85.163.94 port 42918 [preauth]
May 13 00:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Connection closed by 213.139.50.178 port 51439 [preauth]
May 13 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session closed for user root
May 13 00:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 00:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for root from 2.228.25.92 port 56710 ssh2
May 13 00:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Received disconnect from 2.228.25.92 port 56710:11: Bye Bye [preauth]
May 13 00:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Disconnected from 2.228.25.92 port 56710 [preauth]
May 13 00:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Invalid user oraprod from 80.249.146.240
May 13 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: input_userauth_request: invalid user oraprod [preauth]
May 13 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Failed password for invalid user oraprod from 80.249.146.240 port 59534 ssh2
May 13 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Received disconnect from 80.249.146.240 port 59534:11: Bye Bye [preauth]
May 13 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Disconnected from 80.249.146.240 port 59534 [preauth]
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session closed for user root
May 13 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user p13x
May 13 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: Successful su for rubyman by root
May 13 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: + ??? root:rubyman
May 13 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382037 of user rubyman.
May 13 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13550]: pam_unix(su:session): session closed for user rubyman
May 13 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382037.
May 13 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session closed for user root
May 13 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session closed for user root
May 13 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13387]: pam_unix(cron:session): session closed for user samftp
May 13 00:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Failed password for root from 218.92.0.179 port 58722 ssh2
May 13 00:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 58722 ssh2]
May 13 00:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Received disconnect from 218.92.0.179 port 58722:11:  [preauth]
May 13 00:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Disconnected from 218.92.0.179 port 58722 [preauth]
May 13 00:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Invalid user user1 from 181.23.93.79
May 13 00:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: input_userauth_request: invalid user user1 [preauth]
May 13 00:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 00:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Failed password for invalid user user1 from 181.23.93.79 port 43766 ssh2
May 13 00:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Received disconnect from 181.23.93.79 port 43766:11: Bye Bye [preauth]
May 13 00:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Disconnected from 181.23.93.79 port 43766 [preauth]
May 13 00:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user root
May 13 00:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session closed for user p13x
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: Successful su for rubyman by root
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: + ??? root:rubyman
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382040 of user rubyman.
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: pam_unix(su:session): session closed for user rubyman
May 13 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382040.
May 13 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11255]: pam_unix(cron:session): session closed for user root
May 13 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session closed for user samftp
May 13 00:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Invalid user username from 45.6.188.43
May 13 00:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: input_userauth_request: invalid user username [preauth]
May 13 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 13 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Failed password for invalid user username from 45.6.188.43 port 41002 ssh2
May 13 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Connection closed by 45.6.188.43 port 41002 [preauth]
May 13 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12887]: pam_unix(cron:session): session closed for user root
May 13 00:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for root from 218.92.0.179 port 37319 ssh2
May 13 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for root from 218.92.0.179 port 37319 ssh2
May 13 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for root from 218.92.0.179 port 37319 ssh2
May 13 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Received disconnect from 218.92.0.179 port 37319:11:  [preauth]
May 13 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Disconnected from 218.92.0.179 port 37319 [preauth]
May 13 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Invalid user alex from 122.176.122.24
May 13 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: input_userauth_request: invalid user alex [preauth]
May 13 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Failed password for invalid user alex from 122.176.122.24 port 56176 ssh2
May 13 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Received disconnect from 122.176.122.24 port 56176:11: Bye Bye [preauth]
May 13 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Disconnected from 122.176.122.24 port 56176 [preauth]
May 13 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session closed for user p13x
May 13 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: Successful su for rubyman by root
May 13 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: + ??? root:rubyman
May 13 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382046 of user rubyman.
May 13 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: pam_unix(su:session): session closed for user rubyman
May 13 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382046.
May 13 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session closed for user root
May 13 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14344]: pam_unix(cron:session): session closed for user samftp
May 13 00:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 13 00:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.77.151.17
May 13 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: Connection closed by 213.139.50.178 port 53028 [preauth]
May 13 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session closed for user root
May 13 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14754]: Invalid user svxlink from 180.184.134.158
May 13 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14754]: input_userauth_request: invalid user svxlink [preauth]
May 13 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14754]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.134.158
May 13 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14754]: Failed password for invalid user svxlink from 180.184.134.158 port 41736 ssh2
May 13 00:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Connection closed by 213.139.50.178 port 52954 [preauth]
May 13 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: Connection closed by 213.139.50.178 port 53051 [preauth]
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session closed for user p13x
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14841]: Successful su for rubyman by root
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14841]: + ??? root:rubyman
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382048 of user rubyman.
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14841]: pam_unix(su:session): session closed for user rubyman
May 13 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382048.
May 13 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session closed for user root
May 13 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session closed for user samftp
May 13 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session closed for user root
May 13 00:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: Connection closed by 213.139.50.178 port 53082 [preauth]
May 13 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Connection closed by 121.98.106.26 port 49689 [preauth]
May 13 00:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session closed for user p13x
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: Successful su for rubyman by root
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: + ??? root:rubyman
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382052 of user rubyman.
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: pam_unix(su:session): session closed for user rubyman
May 13 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382052.
May 13 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session closed for user root
May 13 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: Invalid user gns3 from 20.244.97.219
May 13 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: input_userauth_request: invalid user gns3 [preauth]
May 13 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.97.219
May 13 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15190]: pam_unix(cron:session): session closed for user samftp
May 13 00:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: Failed password for invalid user gns3 from 20.244.97.219 port 47364 ssh2
May 13 00:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: Connection closed by 20.244.97.219 port 47364 [preauth]
May 13 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15142]: Connection closed by 213.139.50.178 port 53035 [preauth]
May 13 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Invalid user theta from 80.249.146.240
May 13 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: input_userauth_request: invalid user theta [preauth]
May 13 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Failed password for root from 2.228.25.92 port 35980 ssh2
May 13 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Received disconnect from 2.228.25.92 port 35980:11: Bye Bye [preauth]
May 13 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Disconnected from 2.228.25.92 port 35980 [preauth]
May 13 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Failed password for invalid user theta from 80.249.146.240 port 36246 ssh2
May 13 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Received disconnect from 80.249.146.240 port 36246:11: Bye Bye [preauth]
May 13 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Disconnected from 80.249.146.240 port 36246 [preauth]
May 13 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session closed for user root
May 13 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Invalid user git from 34.85.163.94
May 13 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: input_userauth_request: invalid user git [preauth]
May 13 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14770]: Connection closed by 213.139.50.178 port 1230 [preauth]
May 13 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Failed password for invalid user git from 34.85.163.94 port 41516 ssh2
May 13 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Received disconnect from 34.85.163.94 port 41516:11: Bye Bye [preauth]
May 13 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Disconnected from 34.85.163.94 port 41516 [preauth]
May 13 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14756]: Connection closed by 213.139.50.178 port 53766 [preauth]
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15606]: pam_unix(cron:session): session closed for user root
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session closed for user p13x
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: Successful su for rubyman by root
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: + ??? root:rubyman
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382058 of user rubyman.
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: pam_unix(su:session): session closed for user rubyman
May 13 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382058.
May 13 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session closed for user root
May 13 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session closed for user root
May 13 00:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15602]: pam_unix(cron:session): session closed for user samftp
May 13 00:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Connection closed by 213.139.50.178 port 50362 [preauth]
May 13 00:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session closed for user root
May 13 00:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Connection closed by 213.139.50.178 port 50389 [preauth]
May 13 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: Connection closed by 213.139.50.178 port 53186 [preauth]
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16035]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session closed for user p13x
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: Successful su for rubyman by root
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: + ??? root:rubyman
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382062 of user rubyman.
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: pam_unix(su:session): session closed for user rubyman
May 13 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382062.
May 13 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session closed for user root
May 13 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session closed for user samftp
May 13 00:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Connection closed by 213.139.50.178 port 50405 [preauth]
May 13 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user root
May 13 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May 13 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: Failed password for root from 190.103.202.7 port 37112 ssh2
May 13 00:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: Connection closed by 190.103.202.7 port 37112 [preauth]
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16431]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session closed for user root
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16428]: pam_unix(cron:session): session closed for user p13x
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16523]: Successful su for rubyman by root
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16523]: + ??? root:rubyman
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382067 of user rubyman.
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16523]: pam_unix(su:session): session closed for user rubyman
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382067.
May 13 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 13 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session closed for user root
May 13 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Failed password for root from 50.235.31.47 port 37068 ssh2
May 13 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Connection closed by 50.235.31.47 port 37068 [preauth]
May 13 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16429]: pam_unix(cron:session): session closed for user samftp
May 13 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Connection closed by 213.139.50.178 port 53923 [preauth]
May 13 00:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24  user=root
May 13 00:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Failed password for root from 122.176.122.24 port 35392 ssh2
May 13 00:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Received disconnect from 122.176.122.24 port 35392:11: Bye Bye [preauth]
May 13 00:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Disconnected from 122.176.122.24 port 35392 [preauth]
May 13 00:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Connection closed by 213.139.50.178 port 50429 [preauth]
May 13 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15605]: pam_unix(cron:session): session closed for user root
May 13 00:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Connection closed by 213.139.50.178 port 53947 [preauth]
May 13 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16919]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16918]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session closed for user p13x
May 13 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: Successful su for rubyman by root
May 13 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: + ??? root:rubyman
May 13 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382071 of user rubyman.
May 13 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: pam_unix(su:session): session closed for user rubyman
May 13 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382071.
May 13 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session closed for user root
May 13 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session closed for user samftp
May 13 00:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for root from 218.92.0.179 port 43434 ssh2
May 13 00:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 43434 ssh2]
May 13 00:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Received disconnect from 218.92.0.179 port 43434:11:  [preauth]
May 13 00:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Disconnected from 218.92.0.179 port 43434 [preauth]
May 13 00:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Connection closed by 213.139.50.178 port 53969 [preauth]
May 13 00:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session closed for user root
May 13 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Connection closed by 213.139.50.178 port 50452 [preauth]
May 13 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17341]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session closed for user p13x
May 13 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: Successful su for rubyman by root
May 13 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: + ??? root:rubyman
May 13 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382075 of user rubyman.
May 13 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: pam_unix(su:session): session closed for user rubyman
May 13 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382075.
May 13 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session closed for user root
May 13 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Invalid user west from 80.249.146.240
May 13 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: input_userauth_request: invalid user west [preauth]
May 13 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Failed password for invalid user west from 80.249.146.240 port 60924 ssh2
May 13 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session closed for user samftp
May 13 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Received disconnect from 80.249.146.240 port 60924:11: Bye Bye [preauth]
May 13 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Disconnected from 80.249.146.240 port 60924 [preauth]
May 13 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Invalid user cassandra from 2.228.25.92
May 13 00:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: input_userauth_request: invalid user cassandra [preauth]
May 13 00:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Failed password for invalid user cassandra from 2.228.25.92 port 43490 ssh2
May 13 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Received disconnect from 2.228.25.92 port 43490:11: Bye Bye [preauth]
May 13 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Disconnected from 2.228.25.92 port 43490 [preauth]
May 13 00:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16431]: pam_unix(cron:session): session closed for user root
May 13 00:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session closed for user root
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session closed for user p13x
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17940]: Successful su for rubyman by root
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17940]: + ??? root:rubyman
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382084 of user rubyman.
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17940]: pam_unix(su:session): session closed for user rubyman
May 13 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382084.
May 13 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session closed for user root
May 13 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15191]: pam_unix(cron:session): session closed for user root
May 13 00:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session closed for user samftp
May 13 00:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: Connection closed by 213.139.50.178 port 53357 [preauth]
May 13 00:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Invalid user pc from 34.85.163.94
May 13 00:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: input_userauth_request: invalid user pc [preauth]
May 13 00:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Failed password for invalid user pc from 34.85.163.94 port 51028 ssh2
May 13 00:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Connection closed by 213.139.50.178 port 54016 [preauth]
May 13 00:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Received disconnect from 34.85.163.94 port 51028:11: Bye Bye [preauth]
May 13 00:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Disconnected from 34.85.163.94 port 51028 [preauth]
May 13 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16919]: pam_unix(cron:session): session closed for user root
May 13 00:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session closed for user p13x
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: Successful su for rubyman by root
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: + ??? root:rubyman
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382085 of user rubyman.
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: pam_unix(su:session): session closed for user rubyman
May 13 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382085.
May 13 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15604]: pam_unix(cron:session): session closed for user root
May 13 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session closed for user samftp
May 13 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17341]: pam_unix(cron:session): session closed for user root
May 13 00:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18746]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18742]: pam_unix(cron:session): session closed for user p13x
May 13 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18813]: Successful su for rubyman by root
May 13 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18813]: + ??? root:rubyman
May 13 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382090 of user rubyman.
May 13 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18813]: pam_unix(su:session): session closed for user rubyman
May 13 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382090.
May 13 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16035]: pam_unix(cron:session): session closed for user root
May 13 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session closed for user samftp
May 13 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for root from 218.92.0.179 port 53664 ssh2
May 13 00:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for root from 218.92.0.179 port 53664 ssh2
May 13 00:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Invalid user admin from 80.94.95.112
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: input_userauth_request: invalid user admin [preauth]
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18233]: Connection closed by 213.139.50.178 port 53387 [preauth]
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for root from 218.92.0.179 port 53664 ssh2
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Received disconnect from 218.92.0.179 port 53664:11:  [preauth]
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Disconnected from 218.92.0.179 port 53664 [preauth]
May 13 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for invalid user admin from 80.94.95.112 port 8425 ssh2
May 13 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for invalid user admin from 80.94.95.112 port 8425 ssh2
May 13 00:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for invalid user admin from 80.94.95.112 port 8425 ssh2
May 13 00:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for invalid user admin from 80.94.95.112 port 8425 ssh2
May 13 00:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: Connection closed by 213.139.50.178 port 54597 [preauth]
May 13 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for invalid user admin from 80.94.95.112 port 8425 ssh2
May 13 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Received disconnect from 80.94.95.112 port 8425:11: Bye [preauth]
May 13 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Disconnected from 80.94.95.112 port 8425 [preauth]
May 13 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 13 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: PAM service(sshd) ignoring max retries; 5 > 3
May 13 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session closed for user root
May 13 00:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Connection closed by 213.139.50.178 port 50518 [preauth]
May 13 00:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Invalid user rose from 122.176.122.24
May 13 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: input_userauth_request: invalid user rose [preauth]
May 13 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Failed password for invalid user rose from 122.176.122.24 port 42830 ssh2
May 13 00:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Received disconnect from 122.176.122.24 port 42830:11: Bye Bye [preauth]
May 13 00:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Disconnected from 122.176.122.24 port 42830 [preauth]
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19162]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19163]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19160]: pam_unix(cron:session): session closed for user p13x
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: Successful su for rubyman by root
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: + ??? root:rubyman
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382093 of user rubyman.
May 13 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: pam_unix(su:session): session closed for user rubyman
May 13 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382093.
May 13 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16430]: pam_unix(cron:session): session closed for user root
May 13 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19161]: pam_unix(cron:session): session closed for user samftp
May 13 00:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Invalid user romain from 181.23.93.79
May 13 00:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: input_userauth_request: invalid user romain [preauth]
May 13 00:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 00:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Failed password for invalid user romain from 181.23.93.79 port 43166 ssh2
May 13 00:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Received disconnect from 181.23.93.79 port 43166:11: Bye Bye [preauth]
May 13 00:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Disconnected from 181.23.93.79 port 43166 [preauth]
May 13 00:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69  user=root
May 13 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: Failed password for root from 103.133.214.69 port 43998 ssh2
May 13 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: Received disconnect from 103.133.214.69 port 43998:11: Bye Bye [preauth]
May 13 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: Disconnected from 103.133.214.69 port 43998 [preauth]
May 13 00:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240  user=root
May 13 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user root
May 13 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Failed password for root from 80.249.146.240 port 37418 ssh2
May 13 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Received disconnect from 80.249.146.240 port 37418:11: Bye Bye [preauth]
May 13 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Disconnected from 80.249.146.240 port 37418 [preauth]
May 13 00:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: Invalid user ts1 from 2.228.25.92
May 13 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: input_userauth_request: invalid user ts1 [preauth]
May 13 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: Failed password for invalid user ts1 from 2.228.25.92 port 50988 ssh2
May 13 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: Received disconnect from 2.228.25.92 port 50988:11: Bye Bye [preauth]
May 13 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19549]: Disconnected from 2.228.25.92 port 50988 [preauth]
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19580]: pam_unix(cron:session): session closed for user p13x
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19655]: Successful su for rubyman by root
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19655]: + ??? root:rubyman
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382097 of user rubyman.
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19655]: pam_unix(su:session): session closed for user rubyman
May 13 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382097.
May 13 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16918]: pam_unix(cron:session): session closed for user root
May 13 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19581]: pam_unix(cron:session): session closed for user samftp
May 13 00:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: Did not receive identification string from 205.210.31.54
May 13 00:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18746]: pam_unix(cron:session): session closed for user root
May 13 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Invalid user admin from 35.199.95.142
May 13 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: input_userauth_request: invalid user admin [preauth]
May 13 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 00:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Failed password for invalid user admin from 35.199.95.142 port 35852 ssh2
May 13 00:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Received disconnect from 35.199.95.142 port 35852:11: Bye Bye [preauth]
May 13 00:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Disconnected from 35.199.95.142 port 35852 [preauth]
May 13 00:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20009]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20011]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20010]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20012]: pam_unix(cron:session): session closed for user root
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session closed for user p13x
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20088]: Successful su for rubyman by root
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20088]: + ??? root:rubyman
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382103 of user rubyman.
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20088]: pam_unix(su:session): session closed for user rubyman
May 13 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382103.
May 13 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17340]: pam_unix(cron:session): session closed for user root
May 13 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20009]: pam_unix(cron:session): session closed for user root
May 13 00:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20008]: pam_unix(cron:session): session closed for user samftp
May 13 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19163]: pam_unix(cron:session): session closed for user root
May 13 00:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Invalid user storage from 34.85.163.94
May 13 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: input_userauth_request: invalid user storage [preauth]
May 13 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Failed password for invalid user storage from 34.85.163.94 port 56402 ssh2
May 13 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Received disconnect from 34.85.163.94 port 56402:11: Bye Bye [preauth]
May 13 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Disconnected from 34.85.163.94 port 56402 [preauth]
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session closed for user p13x
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20527]: Successful su for rubyman by root
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20527]: + ??? root:rubyman
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382108 of user rubyman.
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20527]: pam_unix(su:session): session closed for user rubyman
May 13 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382108.
May 13 00:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20352]: Connection closed by 213.139.50.178 port 1733 [preauth]
May 13 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session closed for user root
May 13 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session closed for user samftp
May 13 00:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May 13 00:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19984]: Connection closed by 213.139.50.178 port 53491 [preauth]
May 13 00:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Failed password for root from 218.92.0.207 port 22134 ssh2
May 13 00:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Failed password for root from 218.92.0.207 port 22134 ssh2
May 13 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Failed password for root from 218.92.0.207 port 22134 ssh2
May 13 00:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: Connection closed by 180.184.134.158 port 50870 [preauth]
May 13 00:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Failed password for root from 218.92.0.207 port 22134 ssh2
May 13 00:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Failed password for root from 218.92.0.207 port 22134 ssh2
May 13 00:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 22134 ssh2 [preauth]
May 13 00:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Disconnecting: Too many authentication failures [preauth]
May 13 00:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May 13 00:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: PAM service(sshd) ignoring max retries; 5 > 3
May 13 00:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session closed for user root
May 13 00:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Failed password for root from 218.92.0.179 port 26322 ssh2
May 13 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 26322 ssh2]
May 13 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Received disconnect from 218.92.0.179 port 26322:11:  [preauth]
May 13 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Disconnected from 218.92.0.179 port 26322 [preauth]
May 13 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20898]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20896]: pam_unix(cron:session): session closed for user p13x
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20956]: Successful su for rubyman by root
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20956]: + ??? root:rubyman
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382112 of user rubyman.
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20956]: pam_unix(su:session): session closed for user rubyman
May 13 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382112.
May 13 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session closed for user root
May 13 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20897]: pam_unix(cron:session): session closed for user samftp
May 13 00:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20011]: pam_unix(cron:session): session closed for user root
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21330]: pam_unix(cron:session): session closed for user p13x
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21391]: Successful su for rubyman by root
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21391]: + ??? root:rubyman
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382115 of user rubyman.
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21391]: pam_unix(su:session): session closed for user rubyman
May 13 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382115.
May 13 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240  user=root
May 13 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session closed for user root
May 13 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for root from 80.249.146.240 port 60470 ssh2
May 13 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Received disconnect from 80.249.146.240 port 60470:11: Bye Bye [preauth]
May 13 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Disconnected from 80.249.146.240 port 60470 [preauth]
May 13 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21331]: pam_unix(cron:session): session closed for user samftp
May 13 00:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: Invalid user huake from 2.228.25.92
May 13 00:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: input_userauth_request: invalid user huake [preauth]
May 13 00:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: Failed password for invalid user huake from 2.228.25.92 port 58486 ssh2
May 13 00:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: Received disconnect from 2.228.25.92 port 58486:11: Bye Bye [preauth]
May 13 00:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21613]: Disconnected from 2.228.25.92 port 58486 [preauth]
May 13 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Invalid user vaibhav from 122.176.122.24
May 13 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: input_userauth_request: invalid user vaibhav [preauth]
May 13 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Failed password for invalid user vaibhav from 122.176.122.24 port 50270 ssh2
May 13 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Received disconnect from 122.176.122.24 port 50270:11: Bye Bye [preauth]
May 13 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Disconnected from 122.176.122.24 port 50270 [preauth]
May 13 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session closed for user root
May 13 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21877]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21885]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21874]: pam_unix(cron:session): session closed for user p13x
May 13 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22122]: Successful su for rubyman by root
May 13 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22122]: + ??? root:rubyman
May 13 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382119 of user rubyman.
May 13 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22122]: pam_unix(su:session): session closed for user rubyman
May 13 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382119.
May 13 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19162]: pam_unix(cron:session): session closed for user root
May 13 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21875]: pam_unix(cron:session): session closed for user samftp
May 13 00:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20899]: pam_unix(cron:session): session closed for user root
May 13 00:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79  user=root
May 13 00:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: Failed password for root from 181.23.93.79 port 58720 ssh2
May 13 00:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: Received disconnect from 181.23.93.79 port 58720:11: Bye Bye [preauth]
May 13 00:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: Disconnected from 181.23.93.79 port 58720 [preauth]
May 13 00:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Connection closed by 213.139.50.178 port 54397 [preauth]
May 13 00:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Connection closed by 213.139.50.178 port 54325 [preauth]
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22560]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22560]: pam_unix(cron:session): session closed for user root
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22555]: pam_unix(cron:session): session closed for user p13x
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: Successful su for rubyman by root
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: + ??? root:rubyman
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382125 of user rubyman.
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: pam_unix(su:session): session closed for user rubyman
May 13 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382125.
May 13 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session closed for user root
May 13 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session closed for user root
May 13 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22396]: Connection closed by 213.139.50.178 port 52353 [preauth]
May 13 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22556]: pam_unix(cron:session): session closed for user samftp
May 13 00:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Connection closed by 213.139.50.178 port 54388 [preauth]
May 13 00:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Connection closed by 213.139.50.178 port 54414 [preauth]
May 13 00:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21333]: pam_unix(cron:session): session closed for user root
May 13 00:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: Connection closed by 213.139.50.178 port 53756 [preauth]
May 13 00:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: Connection closed by 213.139.50.178 port 50665 [preauth]
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session closed for user p13x
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23133]: Successful su for rubyman by root
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23133]: + ??? root:rubyman
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382129 of user rubyman.
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23133]: pam_unix(su:session): session closed for user rubyman
May 13 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382129.
May 13 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20010]: pam_unix(cron:session): session closed for user root
May 13 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session closed for user samftp
May 13 00:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Received disconnect from 218.92.0.179 port 21024:11:  [preauth]
May 13 00:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Disconnected from 218.92.0.179 port 21024 [preauth]
May 13 00:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: Connection closed by 213.139.50.178 port 52391 [preauth]
May 13 00:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21885]: pam_unix(cron:session): session closed for user root
May 13 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Invalid user rose from 34.85.163.94
May 13 00:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: input_userauth_request: invalid user rose [preauth]
May 13 00:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Failed password for invalid user rose from 34.85.163.94 port 53694 ssh2
May 13 00:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Received disconnect from 34.85.163.94 port 53694:11: Bye Bye [preauth]
May 13 00:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Disconnected from 34.85.163.94 port 53694 [preauth]
May 13 00:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: Connection closed by 213.139.50.178 port 52424 [preauth]
May 13 00:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: Connection closed by 213.139.50.178 port 2153 [preauth]
May 13 00:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Connection closed by 213.139.50.178 port 52403 [preauth]
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23590]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23587]: pam_unix(cron:session): session closed for user p13x
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: Successful su for rubyman by root
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: + ??? root:rubyman
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382133 of user rubyman.
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: pam_unix(su:session): session closed for user rubyman
May 13 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382133.
May 13 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session closed for user root
May 13 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session closed for user samftp
May 13 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user root
May 13 00:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: Invalid user mac from 80.249.146.240
May 13 00:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: input_userauth_request: invalid user mac [preauth]
May 13 00:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: Failed password for invalid user mac from 80.249.146.240 port 39680 ssh2
May 13 00:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: Received disconnect from 80.249.146.240 port 39680:11: Bye Bye [preauth]
May 13 00:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: Disconnected from 80.249.146.240 port 39680 [preauth]
May 13 00:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Invalid user hek from 2.228.25.92
May 13 00:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: input_userauth_request: invalid user hek [preauth]
May 13 00:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Failed password for invalid user hek from 2.228.25.92 port 37764 ssh2
May 13 00:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Received disconnect from 2.228.25.92 port 37764:11: Bye Bye [preauth]
May 13 00:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Disconnected from 2.228.25.92 port 37764 [preauth]
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24117]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session closed for user p13x
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24178]: Successful su for rubyman by root
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24178]: + ??? root:rubyman
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382139 of user rubyman.
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24178]: pam_unix(su:session): session closed for user rubyman
May 13 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382139.
May 13 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20898]: pam_unix(cron:session): session closed for user root
May 13 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24115]: pam_unix(cron:session): session closed for user samftp
May 13 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user root
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24552]: pam_unix(cron:session): session closed for user p13x
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: Successful su for rubyman by root
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: + ??? root:rubyman
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382142 of user rubyman.
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: pam_unix(su:session): session closed for user rubyman
May 13 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382142.
May 13 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21332]: pam_unix(cron:session): session closed for user root
May 13 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Invalid user hadoop from 122.176.122.24
May 13 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: input_userauth_request: invalid user hadoop [preauth]
May 13 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Failed password for invalid user hadoop from 122.176.122.24 port 57728 ssh2
May 13 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session closed for user samftp
May 13 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Received disconnect from 122.176.122.24 port 57728:11: Bye Bye [preauth]
May 13 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Disconnected from 122.176.122.24 port 57728 [preauth]
May 13 00:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23590]: pam_unix(cron:session): session closed for user root
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24977]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24978]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session closed for user root
May 13 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session closed for user p13x
May 13 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25051]: Successful su for rubyman by root
May 13 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25051]: + ??? root:rubyman
May 13 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382149 of user rubyman.
May 13 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25051]: pam_unix(su:session): session closed for user rubyman
May 13 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382149.
May 13 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session closed for user root
May 13 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21877]: pam_unix(cron:session): session closed for user root
May 13 00:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user samftp
May 13 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24117]: pam_unix(cron:session): session closed for user root
May 13 00:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Invalid user guest from 103.133.214.69
May 13 00:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: input_userauth_request: invalid user guest [preauth]
May 13 00:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Failed password for invalid user guest from 103.133.214.69 port 48554 ssh2
May 13 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Received disconnect from 103.133.214.69 port 48554:11: Bye Bye [preauth]
May 13 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Disconnected from 103.133.214.69 port 48554 [preauth]
May 13 00:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Invalid user ubuntu from 35.199.95.142
May 13 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: input_userauth_request: invalid user ubuntu [preauth]
May 13 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 00:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Failed password for invalid user ubuntu from 35.199.95.142 port 34630 ssh2
May 13 00:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Received disconnect from 35.199.95.142 port 34630:11: Bye Bye [preauth]
May 13 00:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Disconnected from 35.199.95.142 port 34630 [preauth]
May 13 00:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25433]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session closed for user p13x
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25497]: Successful su for rubyman by root
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25497]: + ??? root:rubyman
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382153 of user rubyman.
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25497]: pam_unix(su:session): session closed for user rubyman
May 13 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382153.
May 13 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Invalid user library from 181.23.93.79
May 13 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: input_userauth_request: invalid user library [preauth]
May 13 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session closed for user root
May 13 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Failed password for invalid user library from 181.23.93.79 port 45708 ssh2
May 13 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Received disconnect from 181.23.93.79 port 45708:11: Bye Bye [preauth]
May 13 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Disconnected from 181.23.93.79 port 45708 [preauth]
May 13 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session closed for user samftp
May 13 00:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: Connection closed by 213.139.50.178 port 54054 [preauth]
May 13 00:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user root
May 13 00:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: Connection reset by 180.184.134.158 port 56432 [preauth]
May 13 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25934]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25935]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session closed for user p13x
May 13 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: Successful su for rubyman by root
May 13 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: + ??? root:rubyman
May 13 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382157 of user rubyman.
May 13 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: pam_unix(su:session): session closed for user rubyman
May 13 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382157.
May 13 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user root
May 13 00:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25933]: pam_unix(cron:session): session closed for user samftp
May 13 00:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Invalid user vipin from 34.85.163.94
May 13 00:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: input_userauth_request: invalid user vipin [preauth]
May 13 00:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Failed password for invalid user vipin from 34.85.163.94 port 57068 ssh2
May 13 00:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Received disconnect from 34.85.163.94 port 57068:11: Bye Bye [preauth]
May 13 00:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Disconnected from 34.85.163.94 port 57068 [preauth]
May 13 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Invalid user oliver from 80.249.146.240
May 13 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: input_userauth_request: invalid user oliver [preauth]
May 13 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Failed password for invalid user oliver from 80.249.146.240 port 60172 ssh2
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Received disconnect from 80.249.146.240 port 60172:11: Bye Bye [preauth]
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Disconnected from 80.249.146.240 port 60172 [preauth]
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Invalid user asad from 2.228.25.92
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: input_userauth_request: invalid user asad [preauth]
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Failed password for invalid user asad from 2.228.25.92 port 45278 ssh2
May 13 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Received disconnect from 2.228.25.92 port 45278:11: Bye Bye [preauth]
May 13 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Disconnected from 2.228.25.92 port 45278 [preauth]
May 13 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24978]: pam_unix(cron:session): session closed for user root
May 13 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Failed password for root from 218.92.0.179 port 16551 ssh2
May 13 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 16551 ssh2]
May 13 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Received disconnect from 218.92.0.179 port 16551:11:  [preauth]
May 13 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Disconnected from 218.92.0.179 port 16551 [preauth]
May 13 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session closed for user p13x
May 13 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: Successful su for rubyman by root
May 13 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: + ??? root:rubyman
May 13 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382159 of user rubyman.
May 13 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: pam_unix(su:session): session closed for user rubyman
May 13 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382159.
May 13 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session closed for user root
May 13 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session closed for user samftp
May 13 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25433]: pam_unix(cron:session): session closed for user root
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26865]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26867]: pam_unix(cron:session): session closed for user p13x
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: Successful su for rubyman by root
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: + ??? root:rubyman
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382165 of user rubyman.
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: pam_unix(su:session): session closed for user rubyman
May 13 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382165.
May 13 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26865]: pam_unix(cron:session): session closed for user root
May 13 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24116]: pam_unix(cron:session): session closed for user root
May 13 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26869]: pam_unix(cron:session): session closed for user samftp
May 13 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Failed password for root from 218.92.0.179 port 38252 ssh2
May 13 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 38252 ssh2]
May 13 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Received disconnect from 218.92.0.179 port 38252:11:  [preauth]
May 13 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Disconnected from 218.92.0.179 port 38252 [preauth]
May 13 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25935]: pam_unix(cron:session): session closed for user root
May 13 00:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Invalid user gc from 122.176.122.24
May 13 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: input_userauth_request: invalid user gc [preauth]
May 13 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Failed password for invalid user gc from 122.176.122.24 port 36952 ssh2
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Received disconnect from 122.176.122.24 port 36952:11: Bye Bye [preauth]
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Disconnected from 122.176.122.24 port 36952 [preauth]
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Invalid user azureuser from 164.68.105.9
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: input_userauth_request: invalid user azureuser [preauth]
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 13 00:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Failed password for invalid user azureuser from 164.68.105.9 port 37208 ssh2
May 13 00:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Connection closed by 164.68.105.9 port 37208 [preauth]
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session closed for user root
May 13 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27566]: pam_unix(cron:session): session closed for user p13x
May 13 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: Successful su for rubyman by root
May 13 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: + ??? root:rubyman
May 13 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382173 of user rubyman.
May 13 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session closed for user rubyman
May 13 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382173.
May 13 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user root
May 13 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session closed for user root
May 13 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27567]: pam_unix(cron:session): session closed for user samftp
May 13 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Failed password for root from 218.92.0.179 port 33494 ssh2
May 13 00:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 33494 ssh2]
May 13 00:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Received disconnect from 218.92.0.179 port 33494:11:  [preauth]
May 13 00:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Disconnected from 218.92.0.179 port 33494 [preauth]
May 13 00:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user root
May 13 00:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69  user=root
May 13 00:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Failed password for root from 103.133.214.69 port 59950 ssh2
May 13 00:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Received disconnect from 103.133.214.69 port 59950:11: Bye Bye [preauth]
May 13 00:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Disconnected from 103.133.214.69 port 59950 [preauth]
May 13 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28038]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28039]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28036]: pam_unix(cron:session): session closed for user p13x
May 13 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28105]: Successful su for rubyman by root
May 13 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28105]: + ??? root:rubyman
May 13 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382174 of user rubyman.
May 13 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28105]: pam_unix(su:session): session closed for user rubyman
May 13 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382174.
May 13 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24977]: pam_unix(cron:session): session closed for user root
May 13 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28037]: pam_unix(cron:session): session closed for user samftp
May 13 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142  user=root
May 13 00:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Failed password for root from 35.199.95.142 port 41138 ssh2
May 13 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Received disconnect from 35.199.95.142 port 41138:11: Bye Bye [preauth]
May 13 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Disconnected from 35.199.95.142 port 41138 [preauth]
May 13 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user root
May 13 00:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 13 00:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Failed password for root from 218.92.0.210 port 44736 ssh2
May 13 00:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 44736 ssh2]
May 13 00:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 44736 ssh2 [preauth]
May 13 00:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Disconnecting: Too many authentication failures [preauth]
May 13 00:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 13 00:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: PAM service(sshd) ignoring max retries; 5 > 3
May 13 00:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Invalid user ubuntu from 80.249.146.240
May 13 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: input_userauth_request: invalid user ubuntu [preauth]
May 13 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 13 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Failed password for invalid user ubuntu from 80.249.146.240 port 52020 ssh2
May 13 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Received disconnect from 80.249.146.240 port 52020:11: Bye Bye [preauth]
May 13 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Disconnected from 80.249.146.240 port 52020 [preauth]
May 13 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: Failed password for root from 218.92.0.210 port 58500 ssh2
May 13 00:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Invalid user sonar from 2.228.25.92
May 13 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: input_userauth_request: invalid user sonar [preauth]
May 13 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: Failed password for root from 218.92.0.210 port 58500 ssh2
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28469]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session closed for user p13x
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Failed password for invalid user sonar from 2.228.25.92 port 52778 ssh2
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: Successful su for rubyman by root
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: + ??? root:rubyman
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382178 of user rubyman.
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: pam_unix(su:session): session closed for user rubyman
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382178.
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Received disconnect from 2.228.25.92 port 52778:11: Bye Bye [preauth]
May 13 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Disconnected from 2.228.25.92 port 52778 [preauth]
May 13 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: Failed password for root from 218.92.0.210 port 58500 ssh2
May 13 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session closed for user root
May 13 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28467]: pam_unix(cron:session): session closed for user samftp
May 13 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: Failed password for root from 218.92.0.210 port 58500 ssh2
May 13 00:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 58500 ssh2]
May 13 00:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 58500 ssh2 [preauth]
May 13 00:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: Disconnecting: Too many authentication failures [preauth]
May 13 00:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 13 00:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28450]: PAM service(sshd) ignoring max retries; 6 > 3
May 13 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79  user=root
May 13 00:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May 13 00:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Failed password for root from 181.23.93.79 port 55809 ssh2
May 13 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Failed password for root from 218.92.0.210 port 11744 ssh2
May 13 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Received disconnect from 181.23.93.79 port 55809:11: Bye Bye [preauth]
May 13 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Disconnected from 181.23.93.79 port 55809 [preauth]
May 13 00:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Received disconnect from 218.92.0.210 port 11744:11:  [preauth]
May 13 00:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Disconnected from 218.92.0.210 port 11744 [preauth]
May 13 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
May 13 00:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94  user=root
May 13 00:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for root from 34.85.163.94 port 49682 ssh2
May 13 00:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Received disconnect from 34.85.163.94 port 49682:11: Bye Bye [preauth]
May 13 00:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Disconnected from 34.85.163.94 port 49682 [preauth]
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28873]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session closed for user p13x
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: Successful su for rubyman by root
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: + ??? root:rubyman
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382183 of user rubyman.
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: pam_unix(su:session): session closed for user rubyman
May 13 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382183.
May 13 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25934]: pam_unix(cron:session): session closed for user root
May 13 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session closed for user samftp
May 13 00:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Failed password for root from 218.92.0.179 port 45323 ssh2
May 13 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45323 ssh2]
May 13 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Received disconnect from 218.92.0.179 port 45323:11:  [preauth]
May 13 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Disconnected from 218.92.0.179 port 45323 [preauth]
May 13 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28039]: pam_unix(cron:session): session closed for user root
May 13 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session closed for user p13x
May 13 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29450]: Successful su for rubyman by root
May 13 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29450]: + ??? root:rubyman
May 13 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382187 of user rubyman.
May 13 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29450]: pam_unix(su:session): session closed for user rubyman
May 13 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382187.
May 13 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user root
May 13 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session closed for user samftp
May 13 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28469]: pam_unix(cron:session): session closed for user root
May 13 00:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: Received disconnect from 218.92.0.179 port 37971:11:  [preauth]
May 13 00:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: Disconnected from 218.92.0.179 port 37971 [preauth]
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user root
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session closed for user p13x
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29866]: Successful su for rubyman by root
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29866]: + ??? root:rubyman
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382194 of user rubyman.
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29866]: pam_unix(su:session): session closed for user rubyman
May 13 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382194.
May 13 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session closed for user root
May 13 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user root
May 13 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session closed for user samftp
May 13 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24  user=root
May 13 00:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Failed password for root from 122.176.122.24 port 44388 ssh2
May 13 00:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Received disconnect from 122.176.122.24 port 44388:11: Bye Bye [preauth]
May 13 00:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Disconnected from 122.176.122.24 port 44388 [preauth]
May 13 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28873]: pam_unix(cron:session): session closed for user root
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user p13x
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: Successful su for rubyman by root
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: + ??? root:rubyman
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382196 of user rubyman.
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: pam_unix(su:session): session closed for user rubyman
May 13 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382196.
May 13 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user root
May 13 00:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session closed for user samftp
May 13 00:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Invalid user user1 from 103.133.214.69
May 13 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: input_userauth_request: invalid user user1 [preauth]
May 13 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 00:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Failed password for invalid user user1 from 103.133.214.69 port 43840 ssh2
May 13 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Received disconnect from 103.133.214.69 port 43840:11: Bye Bye [preauth]
May 13 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Disconnected from 103.133.214.69 port 43840 [preauth]
May 13 00:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Invalid user usr1cv8 from 80.249.146.240
May 13 00:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: input_userauth_request: invalid user usr1cv8 [preauth]
May 13 00:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Failed password for invalid user usr1cv8 from 80.249.146.240 port 52638 ssh2
May 13 00:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Received disconnect from 80.249.146.240 port 52638:11: Bye Bye [preauth]
May 13 00:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Disconnected from 80.249.146.240 port 52638 [preauth]
May 13 00:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Invalid user wyw from 35.199.95.142
May 13 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: input_userauth_request: invalid user wyw [preauth]
May 13 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session closed for user root
May 13 00:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Failed password for invalid user wyw from 35.199.95.142 port 47666 ssh2
May 13 00:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Received disconnect from 35.199.95.142 port 47666:11: Bye Bye [preauth]
May 13 00:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Disconnected from 35.199.95.142 port 47666 [preauth]
May 13 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Invalid user shyam from 2.228.25.92
May 13 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: input_userauth_request: invalid user shyam [preauth]
May 13 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Failed password for invalid user shyam from 2.228.25.92 port 60286 ssh2
May 13 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Received disconnect from 2.228.25.92 port 60286:11: Bye Bye [preauth]
May 13 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Disconnected from 2.228.25.92 port 60286 [preauth]
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session closed for user p13x
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30700]: Successful su for rubyman by root
May 13 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30700]: + ??? root:rubyman
May 13 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382200 of user rubyman.
May 13 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30700]: pam_unix(su:session): session closed for user rubyman
May 13 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382200.
May 13 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28038]: pam_unix(cron:session): session closed for user root
May 13 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30638]: pam_unix(cron:session): session closed for user samftp
May 13 00:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session closed for user root
May 13 00:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Failed password for root from 218.92.0.179 port 17455 ssh2
May 13 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 17455 ssh2]
May 13 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Received disconnect from 218.92.0.179 port 17455:11:  [preauth]
May 13 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Disconnected from 218.92.0.179 port 17455 [preauth]
May 13 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session closed for user p13x
May 13 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31204]: Successful su for rubyman by root
May 13 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31204]: + ??? root:rubyman
May 13 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382206 of user rubyman.
May 13 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31204]: pam_unix(su:session): session closed for user rubyman
May 13 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382206.
May 13 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28468]: pam_unix(cron:session): session closed for user root
May 13 00:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session closed for user samftp
May 13 00:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Invalid user oneadmin from 181.23.93.79
May 13 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: input_userauth_request: invalid user oneadmin [preauth]
May 13 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: Invalid user yogi from 34.85.163.94
May 13 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: input_userauth_request: invalid user yogi [preauth]
May 13 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Failed password for invalid user oneadmin from 181.23.93.79 port 39485 ssh2
May 13 00:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Received disconnect from 181.23.93.79 port 39485:11: Bye Bye [preauth]
May 13 00:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Disconnected from 181.23.93.79 port 39485 [preauth]
May 13 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: Failed password for invalid user yogi from 34.85.163.94 port 42064 ssh2
May 13 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: Received disconnect from 34.85.163.94 port 42064:11: Bye Bye [preauth]
May 13 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31455]: Disconnected from 34.85.163.94 port 42064 [preauth]
May 13 00:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session closed for user root
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31551]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session closed for user p13x
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31612]: Successful su for rubyman by root
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31612]: + ??? root:rubyman
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382209 of user rubyman.
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31612]: pam_unix(su:session): session closed for user rubyman
May 13 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382209.
May 13 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session closed for user root
May 13 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session closed for user samftp
May 13 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: Failed password for root from 218.92.0.179 port 50108 ssh2
May 13 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 50108 ssh2]
May 13 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: Received disconnect from 218.92.0.179 port 50108:11:  [preauth]
May 13 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: Disconnected from 218.92.0.179 port 50108 [preauth]
May 13 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session closed for user root
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32217]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32216]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session closed for user root
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session closed for user p13x
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: Successful su for rubyman by root
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: + ??? root:rubyman
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382214 of user rubyman.
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: pam_unix(su:session): session closed for user rubyman
May 13 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382214.
May 13 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session closed for user root
May 13 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session closed for user root
May 13 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session closed for user samftp
May 13 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Invalid user patrick from 180.184.134.158
May 13 00:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: input_userauth_request: invalid user patrick [preauth]
May 13 00:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.134.158
May 13 00:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Failed password for invalid user patrick from 180.184.134.158 port 36170 ssh2
May 13 00:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Received disconnect from 180.184.134.158 port 36170:11: Bye Bye [preauth]
May 13 00:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Disconnected from 180.184.134.158 port 36170 [preauth]
May 13 00:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session closed for user root
May 13 00:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: Invalid user ajarami from 122.176.122.24
May 13 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: input_userauth_request: invalid user ajarami [preauth]
May 13 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: Failed password for invalid user ajarami from 122.176.122.24 port 51840 ssh2
May 13 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: Received disconnect from 122.176.122.24 port 51840:11: Bye Bye [preauth]
May 13 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: Disconnected from 122.176.122.24 port 51840 [preauth]
May 13 00:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for root from 218.92.0.179 port 12033 ssh2
May 13 00:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for root from 218.92.0.179 port 12033 ssh2
May 13 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for root from 218.92.0.179 port 12033 ssh2
May 13 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Invalid user satisfactory from 80.249.146.240
May 13 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: input_userauth_request: invalid user satisfactory [preauth]
May 13 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session closed for user p13x
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Failed password for invalid user satisfactory from 80.249.146.240 port 50328 ssh2
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[512]: Successful su for rubyman by root
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[512]: + ??? root:rubyman
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382219 of user rubyman.
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[512]: pam_unix(su:session): session closed for user rubyman
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382219.
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Received disconnect from 80.249.146.240 port 50328:11: Bye Bye [preauth]
May 13 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Disconnected from 80.249.146.240 port 50328 [preauth]
May 13 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29797]: pam_unix(cron:session): session closed for user root
May 13 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user samftp
May 13 00:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: Invalid user piyush from 103.133.214.69
May 13 00:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: input_userauth_request: invalid user piyush [preauth]
May 13 00:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 00:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: Failed password for invalid user piyush from 103.133.214.69 port 49010 ssh2
May 13 00:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: Received disconnect from 103.133.214.69 port 49010:11: Bye Bye [preauth]
May 13 00:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: Disconnected from 103.133.214.69 port 49010 [preauth]
May 13 00:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Failed password for root from 2.228.25.92 port 39566 ssh2
May 13 00:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Received disconnect from 2.228.25.92 port 39566:11: Bye Bye [preauth]
May 13 00:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Disconnected from 2.228.25.92 port 39566 [preauth]
May 13 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session closed for user root
May 13 00:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Invalid user user1 from 35.199.95.142
May 13 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: input_userauth_request: invalid user user1 [preauth]
May 13 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Failed password for invalid user user1 from 35.199.95.142 port 54204 ssh2
May 13 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Received disconnect from 35.199.95.142 port 54204:11: Bye Bye [preauth]
May 13 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Disconnected from 35.199.95.142 port 54204 [preauth]
May 13 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session closed for user p13x
May 13 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: Successful su for rubyman by root
May 13 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: + ??? root:rubyman
May 13 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382223 of user rubyman.
May 13 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: pam_unix(su:session): session closed for user rubyman
May 13 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382223.
May 13 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session closed for user root
May 13 00:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session closed for user samftp
May 13 00:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32217]: pam_unix(cron:session): session closed for user root
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session closed for user p13x
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: Successful su for rubyman by root
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: + ??? root:rubyman
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382226 of user rubyman.
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: pam_unix(su:session): session closed for user rubyman
May 13 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382226.
May 13 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session closed for user root
May 13 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session closed for user samftp
May 13 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Invalid user ebi from 180.184.134.158
May 13 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: input_userauth_request: invalid user ebi [preauth]
May 13 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.134.158
May 13 00:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Failed password for invalid user ebi from 180.184.134.158 port 47286 ssh2
May 13 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Received disconnect from 180.184.134.158 port 47286:11: Bye Bye [preauth]
May 13 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Disconnected from 180.184.134.158 port 47286 [preauth]
May 13 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session closed for user root
May 13 00:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Failed password for root from 218.92.0.179 port 48383 ssh2
May 13 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Failed password for root from 218.92.0.179 port 48383 ssh2
May 13 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 13 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Failed password for root from 218.92.0.179 port 48383 ssh2
May 13 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Received disconnect from 218.92.0.179 port 48383:11:  [preauth]
May 13 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Disconnected from 218.92.0.179 port 48383 [preauth]
May 13 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: Failed password for root from 80.94.95.15 port 14210 ssh2
May 13 00:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: message repeated 4 times: [ Failed password for root from 80.94.95.15 port 14210 ssh2]
May 13 00:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: Received disconnect from 80.94.95.15 port 14210:11: Bye [preauth]
May 13 00:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: Disconnected from 80.94.95.15 port 14210 [preauth]
May 13 00:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
May 13 00:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: PAM service(sshd) ignoring max retries; 5 > 3
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session closed for user p13x
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: Successful su for rubyman by root
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: + ??? root:rubyman
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382231 of user rubyman.
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: pam_unix(su:session): session closed for user rubyman
May 13 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382231.
May 13 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session closed for user root
May 13 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1880]: pam_unix(cron:session): session closed for user samftp
May 13 00:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94  user=root
May 13 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Failed password for root from 34.85.163.94 port 41218 ssh2
May 13 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Received disconnect from 34.85.163.94 port 41218:11: Bye Bye [preauth]
May 13 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Disconnected from 34.85.163.94 port 41218 [preauth]
May 13 00:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Invalid user admin from 80.94.95.112
May 13 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: input_userauth_request: invalid user admin [preauth]
May 13 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 13 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session closed for user root
May 13 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for invalid user admin from 80.94.95.112 port 33087 ssh2
May 13 00:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for invalid user admin from 80.94.95.112 port 33087 ssh2
May 13 00:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for invalid user admin from 80.94.95.112 port 33087 ssh2
May 13 00:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for invalid user admin from 80.94.95.112 port 33087 ssh2
May 13 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for invalid user admin from 80.94.95.112 port 33087 ssh2
May 13 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Received disconnect from 80.94.95.112 port 33087:11: Bye [preauth]
May 13 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Disconnected from 80.94.95.112 port 33087 [preauth]
May 13 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 13 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: PAM service(sshd) ignoring max retries; 5 > 3
May 13 00:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Invalid user ming from 181.23.93.79
May 13 00:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: input_userauth_request: invalid user ming [preauth]
May 13 00:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Failed password for invalid user ming from 181.23.93.79 port 51823 ssh2
May 13 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Received disconnect from 181.23.93.79 port 51823:11: Bye Bye [preauth]
May 13 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Disconnected from 181.23.93.79 port 51823 [preauth]
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session closed for user root
May 13 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user p13x
May 13 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: Successful su for rubyman by root
May 13 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: + ??? root:rubyman
May 13 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382238 of user rubyman.
May 13 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: pam_unix(su:session): session closed for user rubyman
May 13 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382238.
May 13 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31551]: pam_unix(cron:session): session closed for user root
May 13 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user root
May 13 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user samftp
May 13 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session closed for user root
May 13 00:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Invalid user admin from 80.249.146.240
May 13 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: input_userauth_request: invalid user admin [preauth]
May 13 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Failed password for invalid user admin from 80.249.146.240 port 46530 ssh2
May 13 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Received disconnect from 80.249.146.240 port 46530:11: Bye Bye [preauth]
May 13 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Disconnected from 80.249.146.240 port 46530 [preauth]
May 13 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session closed for user p13x
May 13 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: Successful su for rubyman by root
May 13 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: + ??? root:rubyman
May 13 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382240 of user rubyman.
May 13 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: pam_unix(su:session): session closed for user rubyman
May 13 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382240.
May 13 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32216]: pam_unix(cron:session): session closed for user root
May 13 00:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user samftp
May 13 00:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: Failed password for root from 2.228.25.92 port 47078 ssh2
May 13 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: Received disconnect from 2.228.25.92 port 47078:11: Bye Bye [preauth]
May 13 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: Disconnected from 2.228.25.92 port 47078 [preauth]
May 13 00:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Invalid user fermin from 122.176.122.24
May 13 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: input_userauth_request: invalid user fermin [preauth]
May 13 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Failed password for invalid user fermin from 122.176.122.24 port 59254 ssh2
May 13 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Received disconnect from 122.176.122.24 port 59254:11: Bye Bye [preauth]
May 13 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Disconnected from 122.176.122.24 port 59254 [preauth]
May 13 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Invalid user wyw from 103.133.214.69
May 13 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: input_userauth_request: invalid user wyw [preauth]
May 13 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Failed password for invalid user wyw from 103.133.214.69 port 56976 ssh2
May 13 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Received disconnect from 103.133.214.69 port 56976:11: Bye Bye [preauth]
May 13 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Disconnected from 103.133.214.69 port 56976 [preauth]
May 13 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session closed for user root
May 13 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Received disconnect from 218.92.0.179 port 49959:11:  [preauth]
May 13 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Disconnected from 218.92.0.179 port 49959 [preauth]
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3295]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session closed for user p13x
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: Successful su for rubyman by root
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: + ??? root:rubyman
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382244 of user rubyman.
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3354]: pam_unix(su:session): session closed for user rubyman
May 13 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382244.
May 13 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session closed for user root
May 13 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3294]: pam_unix(cron:session): session closed for user samftp
May 13 00:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Invalid user simon from 35.199.95.142
May 13 00:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: input_userauth_request: invalid user simon [preauth]
May 13 00:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Failed password for invalid user simon from 35.199.95.142 port 60692 ssh2
May 13 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Received disconnect from 35.199.95.142 port 60692:11: Bye Bye [preauth]
May 13 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Disconnected from 35.199.95.142 port 60692 [preauth]
May 13 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May 13 00:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Failed password for root from 218.92.0.205 port 29136 ssh2
May 13 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session closed for user root
May 13 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session closed for user p13x
May 13 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: Successful su for rubyman by root
May 13 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: + ??? root:rubyman
May 13 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382250 of user rubyman.
May 13 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: pam_unix(su:session): session closed for user rubyman
May 13 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382250.
May 13 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session closed for user root
May 13 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session closed for user samftp
May 13 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user root
May 13 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4194]: pam_unix(cron:session): session closed for user p13x
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4371]: Successful su for rubyman by root
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4371]: + ??? root:rubyman
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382252 of user rubyman.
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4371]: pam_unix(su:session): session closed for user rubyman
May 13 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382252.
May 13 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session closed for user root
May 13 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4195]: pam_unix(cron:session): session closed for user samftp
May 13 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3296]: pam_unix(cron:session): session closed for user root
May 13 00:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: Invalid user t1 from 34.85.163.94
May 13 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: input_userauth_request: invalid user t1 [preauth]
May 13 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: pam_unix(sshd:auth): check pass; user unknown
May 13 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: Failed password for invalid user t1 from 34.85.163.94 port 44020 ssh2
May 13 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: Received disconnect from 34.85.163.94 port 44020:11: Bye Bye [preauth]
May 13 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4749]: Disconnected from 34.85.163.94 port 44020 [preauth]
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session closed for user root
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session closed for user root
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4764]: pam_unix(cron:session): session closed for user p13x
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: Successful su for rubyman by root
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: + ??? root:rubyman
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382261 of user rubyman.
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: pam_unix(su:session): session closed for user rubyman
May 13 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382261.
May 13 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session closed for user root
May 13 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session closed for user root
May 13 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4765]: pam_unix(cron:session): session closed for user samftp
May 13 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Invalid user summer from 80.249.146.240
May 13 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: input_userauth_request: invalid user summer [preauth]
May 13 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Failed password for invalid user summer from 80.249.146.240 port 59596 ssh2
May 13 01:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Received disconnect from 80.249.146.240 port 59596:11: Bye Bye [preauth]
May 13 01:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Disconnected from 80.249.146.240 port 59596 [preauth]
May 13 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session closed for user root
May 13 01:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5502]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5503]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5500]: pam_unix(cron:session): session closed for user p13x
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Invalid user dongyu from 181.23.93.79
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: input_userauth_request: invalid user dongyu [preauth]
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: Successful su for rubyman by root
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: + ??? root:rubyman
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382265 of user rubyman.
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: pam_unix(su:session): session closed for user rubyman
May 13 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382265.
May 13 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: Failed password for root from 2.228.25.92 port 54590 ssh2
May 13 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: Received disconnect from 2.228.25.92 port 54590:11: Bye Bye [preauth]
May 13 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: Disconnected from 2.228.25.92 port 54590 [preauth]
May 13 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Failed password for invalid user dongyu from 181.23.93.79 port 38272 ssh2
May 13 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Received disconnect from 181.23.93.79 port 38272:11: Bye Bye [preauth]
May 13 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Disconnected from 181.23.93.79 port 38272 [preauth]
May 13 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user root
May 13 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5501]: pam_unix(cron:session): session closed for user samftp
May 13 01:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Invalid user scan from 103.133.214.69
May 13 01:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: input_userauth_request: invalid user scan [preauth]
May 13 01:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 01:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Failed password for invalid user scan from 103.133.214.69 port 50304 ssh2
May 13 01:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Received disconnect from 103.133.214.69 port 50304:11: Bye Bye [preauth]
May 13 01:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Disconnected from 103.133.214.69 port 50304 [preauth]
May 13 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session closed for user root
May 13 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Invalid user b1 from 122.176.122.24
May 13 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: input_userauth_request: invalid user b1 [preauth]
May 13 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Failed password for invalid user b1 from 122.176.122.24 port 38416 ssh2
May 13 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Received disconnect from 122.176.122.24 port 38416:11: Bye Bye [preauth]
May 13 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Disconnected from 122.176.122.24 port 38416 [preauth]
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6065]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6062]: pam_unix(cron:session): session closed for user p13x
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6134]: Successful su for rubyman by root
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6134]: + ??? root:rubyman
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382267 of user rubyman.
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6134]: pam_unix(su:session): session closed for user rubyman
May 13 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382267.
May 13 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user root
May 13 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6063]: pam_unix(cron:session): session closed for user samftp
May 13 01:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Invalid user halo from 35.199.95.142
May 13 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: input_userauth_request: invalid user halo [preauth]
May 13 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 01:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Failed password for invalid user halo from 35.199.95.142 port 38978 ssh2
May 13 01:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Received disconnect from 35.199.95.142 port 38978:11: Bye Bye [preauth]
May 13 01:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Disconnected from 35.199.95.142 port 38978 [preauth]
May 13 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session closed for user root
May 13 01:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Failed password for root from 218.92.0.179 port 23923 ssh2
May 13 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23923 ssh2]
May 13 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Received disconnect from 218.92.0.179 port 23923:11:  [preauth]
May 13 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Disconnected from 218.92.0.179 port 23923 [preauth]
May 13 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session closed for user p13x
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6537]: Successful su for rubyman by root
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6537]: + ??? root:rubyman
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382271 of user rubyman.
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6537]: pam_unix(su:session): session closed for user rubyman
May 13 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382271.
May 13 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3295]: pam_unix(cron:session): session closed for user root
May 13 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session closed for user samftp
May 13 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5503]: pam_unix(cron:session): session closed for user root
May 13 01:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Invalid user tomcat from 180.184.134.158
May 13 01:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: input_userauth_request: invalid user tomcat [preauth]
May 13 01:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.134.158
May 13 01:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for invalid user tomcat from 180.184.134.158 port 47554 ssh2
May 13 01:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Received disconnect from 180.184.134.158 port 47554:11: Bye Bye [preauth]
May 13 01:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Disconnected from 180.184.134.158 port 47554 [preauth]
May 13 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6892]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6890]: pam_unix(cron:session): session closed for user p13x
May 13 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7044]: Successful su for rubyman by root
May 13 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7044]: + ??? root:rubyman
May 13 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382278 of user rubyman.
May 13 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7044]: pam_unix(su:session): session closed for user rubyman
May 13 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382278.
May 13 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session closed for user root
May 13 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6891]: pam_unix(cron:session): session closed for user samftp
May 13 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Failed password for root from 218.92.0.179 port 60025 ssh2
May 13 01:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 60025 ssh2]
May 13 01:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Received disconnect from 218.92.0.179 port 60025:11:  [preauth]
May 13 01:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Disconnected from 218.92.0.179 port 60025 [preauth]
May 13 01:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session closed for user root
May 13 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Invalid user tushar from 80.249.146.240
May 13 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: input_userauth_request: invalid user tushar [preauth]
May 13 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Failed password for invalid user tushar from 80.249.146.240 port 55980 ssh2
May 13 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Received disconnect from 80.249.146.240 port 55980:11: Bye Bye [preauth]
May 13 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Disconnected from 80.249.146.240 port 55980 [preauth]
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session closed for user root
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7409]: pam_unix(cron:session): session closed for user p13x
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7483]: Successful su for rubyman by root
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7483]: + ??? root:rubyman
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382279 of user rubyman.
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7483]: pam_unix(su:session): session closed for user rubyman
May 13 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382279.
May 13 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user root
May 13 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4196]: pam_unix(cron:session): session closed for user root
May 13 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session closed for user samftp
May 13 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Invalid user gc from 34.85.163.94
May 13 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: input_userauth_request: invalid user gc [preauth]
May 13 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Failed password for invalid user gc from 34.85.163.94 port 40690 ssh2
May 13 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Received disconnect from 34.85.163.94 port 40690:11: Bye Bye [preauth]
May 13 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Disconnected from 34.85.163.94 port 40690 [preauth]
May 13 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session closed for user root
May 13 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Failed password for root from 218.92.0.179 port 28164 ssh2
May 13 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 28164 ssh2]
May 13 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Received disconnect from 218.92.0.179 port 28164:11:  [preauth]
May 13 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Disconnected from 218.92.0.179 port 28164 [preauth]
May 13 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7977]: pam_unix(cron:session): session closed for user p13x
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7973]: Failed password for root from 2.228.25.92 port 33898 ssh2
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: Successful su for rubyman by root
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: + ??? root:rubyman
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382287 of user rubyman.
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: pam_unix(su:session): session closed for user rubyman
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382287.
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7973]: Received disconnect from 2.228.25.92 port 33898:11: Bye Bye [preauth]
May 13 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7973]: Disconnected from 2.228.25.92 port 33898 [preauth]
May 13 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session closed for user root
May 13 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session closed for user samftp
May 13 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Invalid user manu from 103.133.214.69
May 13 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: input_userauth_request: invalid user manu [preauth]
May 13 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 01:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for invalid user manu from 103.133.214.69 port 50890 ssh2
May 13 01:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Received disconnect from 103.133.214.69 port 50890:11: Bye Bye [preauth]
May 13 01:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Disconnected from 103.133.214.69 port 50890 [preauth]
May 13 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6893]: pam_unix(cron:session): session closed for user root
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user p13x
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: Successful su for rubyman by root
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: + ??? root:rubyman
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382290 of user rubyman.
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: pam_unix(su:session): session closed for user rubyman
May 13 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382290.
May 13 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5502]: pam_unix(cron:session): session closed for user root
May 13 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session closed for user samftp
May 13 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Failed password for root from 218.92.0.179 port 52796 ssh2
May 13 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52796 ssh2]
May 13 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Received disconnect from 218.92.0.179 port 52796:11:  [preauth]
May 13 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Disconnected from 218.92.0.179 port 52796 [preauth]
May 13 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Invalid user cs from 181.23.93.79
May 13 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: input_userauth_request: invalid user cs [preauth]
May 13 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Invalid user git from 122.176.122.24
May 13 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: input_userauth_request: invalid user git [preauth]
May 13 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user cs from 181.23.93.79 port 48190 ssh2
May 13 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Received disconnect from 181.23.93.79 port 48190:11: Bye Bye [preauth]
May 13 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Disconnected from 181.23.93.79 port 48190 [preauth]
May 13 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for invalid user git from 122.176.122.24 port 45766 ssh2
May 13 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Received disconnect from 122.176.122.24 port 45766:11: Bye Bye [preauth]
May 13 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Disconnected from 122.176.122.24 port 45766 [preauth]
May 13 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session closed for user root
May 13 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Invalid user user from 45.6.188.43
May 13 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: input_userauth_request: invalid user user [preauth]
May 13 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43
May 13 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for invalid user user from 45.6.188.43 port 40110 ssh2
May 13 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Connection closed by 45.6.188.43 port 40110 [preauth]
May 13 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Invalid user support from 164.68.105.9
May 13 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: input_userauth_request: invalid user support [preauth]
May 13 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May 13 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Failed password for invalid user support from 164.68.105.9 port 36100 ssh2
May 13 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Connection closed by 164.68.105.9 port 36100 [preauth]
May 13 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Invalid user ubuntu from 35.199.95.142
May 13 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: input_userauth_request: invalid user ubuntu [preauth]
May 13 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Failed password for invalid user ubuntu from 35.199.95.142 port 45480 ssh2
May 13 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Received disconnect from 35.199.95.142 port 45480:11: Bye Bye [preauth]
May 13 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Disconnected from 35.199.95.142 port 45480 [preauth]
May 13 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session closed for user p13x
May 13 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8918]: Successful su for rubyman by root
May 13 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8918]: + ??? root:rubyman
May 13 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382294 of user rubyman.
May 13 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8918]: pam_unix(su:session): session closed for user rubyman
May 13 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382294.
May 13 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6065]: pam_unix(cron:session): session closed for user root
May 13 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user samftp
May 13 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session closed for user root
May 13 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Failed password for root from 218.92.0.179 port 23485 ssh2
May 13 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23485 ssh2]
May 13 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Received disconnect from 218.92.0.179 port 23485:11:  [preauth]
May 13 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Disconnected from 218.92.0.179 port 23485 [preauth]
May 13 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9387]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9386]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9384]: pam_unix(cron:session): session closed for user p13x
May 13 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: Successful su for rubyman by root
May 13 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: + ??? root:rubyman
May 13 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382299 of user rubyman.
May 13 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: pam_unix(su:session): session closed for user rubyman
May 13 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382299.
May 13 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session closed for user root
May 13 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session closed for user root
May 13 01:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9385]: pam_unix(cron:session): session closed for user samftp
May 13 01:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: Invalid user gabriella from 80.249.146.240
May 13 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: input_userauth_request: invalid user gabriella [preauth]
May 13 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: Failed password for invalid user gabriella from 80.249.146.240 port 40312 ssh2
May 13 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: Received disconnect from 80.249.146.240 port 40312:11: Bye Bye [preauth]
May 13 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9754]: Disconnected from 80.249.146.240 port 40312 [preauth]
May 13 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session closed for user root
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user root
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session closed for user p13x
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: Successful su for rubyman by root
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: + ??? root:rubyman
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382302 of user rubyman.
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: pam_unix(su:session): session closed for user rubyman
May 13 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382302.
May 13 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session closed for user root
May 13 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6892]: pam_unix(cron:session): session closed for user root
May 13 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9874]: pam_unix(cron:session): session closed for user samftp
May 13 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Failed password for root from 218.92.0.179 port 36018 ssh2
May 13 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36018 ssh2]
May 13 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Received disconnect from 218.92.0.179 port 36018:11:  [preauth]
May 13 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Disconnected from 218.92.0.179 port 36018 [preauth]
May 13 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Failed password for root from 104.244.77.50 port 48084 ssh2
May 13 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Connection closed by 104.244.77.50 port 48084 [preauth]
May 13 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Failed password for root from 104.244.77.50 port 48100 ssh2
May 13 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Connection closed by 104.244.77.50 port 48100 [preauth]
May 13 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Failed password for root from 104.244.77.50 port 36898 ssh2
May 13 01:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Connection closed by 104.244.77.50 port 36898 [preauth]
May 13 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Failed password for root from 104.244.77.50 port 36908 ssh2
May 13 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Connection closed by 104.244.77.50 port 36908 [preauth]
May 13 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Failed password for root from 104.244.77.50 port 36922 ssh2
May 13 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Connection closed by 104.244.77.50 port 36922 [preauth]
May 13 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session closed for user root
May 13 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for root from 104.244.77.50 port 36930 ssh2
May 13 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Connection closed by 104.244.77.50 port 36930 [preauth]
May 13 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Failed password for root from 104.244.77.50 port 36936 ssh2
May 13 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Connection closed by 104.244.77.50 port 36936 [preauth]
May 13 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Failed password for root from 104.244.77.50 port 60486 ssh2
May 13 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Connection closed by 104.244.77.50 port 60486 [preauth]
May 13 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Failed password for root from 104.244.77.50 port 60494 ssh2
May 13 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Connection closed by 104.244.77.50 port 60494 [preauth]
May 13 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May 13 01:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for root from 104.244.77.50 port 60502 ssh2
May 13 01:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Connection closed by 104.244.77.50 port 60502 [preauth]
May 13 01:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Failed password for root from 104.244.77.50 port 60510 ssh2
May 13 01:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Connection closed by 104.244.77.50 port 60510 [preauth]
May 13 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Failed password for root from 2.228.25.92 port 41414 ssh2
May 13 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Received disconnect from 2.228.25.92 port 41414:11: Bye Bye [preauth]
May 13 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Disconnected from 2.228.25.92 port 41414 [preauth]
May 13 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Invalid user ajarami from 34.85.163.94
May 13 01:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: input_userauth_request: invalid user ajarami [preauth]
May 13 01:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Failed password for invalid user ajarami from 34.85.163.94 port 37456 ssh2
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Received disconnect from 34.85.163.94 port 37456:11: Bye Bye [preauth]
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Disconnected from 34.85.163.94 port 37456 [preauth]
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session closed for user p13x
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10509]: Successful su for rubyman by root
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10509]: + ??? root:rubyman
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382308 of user rubyman.
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10509]: pam_unix(su:session): session closed for user rubyman
May 13 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382308.
May 13 01:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session closed for user root
May 13 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session closed for user samftp
May 13 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9387]: pam_unix(cron:session): session closed for user root
May 13 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69  user=root
May 13 01:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: Received disconnect from 218.92.0.179 port 25512:11:  [preauth]
May 13 01:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10857]: Disconnected from 218.92.0.179 port 25512 [preauth]
May 13 01:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: Failed password for root from 103.133.214.69 port 36730 ssh2
May 13 01:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: Received disconnect from 103.133.214.69 port 36730:11: Bye Bye [preauth]
May 13 01:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: Disconnected from 103.133.214.69 port 36730 [preauth]
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user p13x
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: Successful su for rubyman by root
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: + ??? root:rubyman
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382312 of user rubyman.
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: pam_unix(su:session): session closed for user rubyman
May 13 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382312.
May 13 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session closed for user root
May 13 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user samftp
May 13 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user root
May 13 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: Invalid user pp from 122.176.122.24
May 13 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: input_userauth_request: invalid user pp [preauth]
May 13 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: Failed password for invalid user pp from 122.176.122.24 port 53216 ssh2
May 13 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: Received disconnect from 122.176.122.24 port 53216:11: Bye Bye [preauth]
May 13 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: Disconnected from 122.176.122.24 port 53216 [preauth]
May 13 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Did not receive identification string from 186.96.145.241
May 13 01:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session closed for user p13x
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11367]: Successful su for rubyman by root
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11367]: + ??? root:rubyman
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382317 of user rubyman.
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11367]: pam_unix(su:session): session closed for user rubyman
May 13 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382317.
May 13 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
May 13 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user samftp
May 13 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Received disconnect from 218.92.0.179 port 32230:11:  [preauth]
May 13 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Disconnected from 218.92.0.179 port 32230 [preauth]
May 13 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142  user=root
May 13 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for root from 35.199.95.142 port 52006 ssh2
May 13 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Received disconnect from 35.199.95.142 port 52006:11: Bye Bye [preauth]
May 13 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Disconnected from 35.199.95.142 port 52006 [preauth]
May 13 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79  user=root
May 13 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session closed for user root
May 13 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for root from 181.23.93.79 port 59952 ssh2
May 13 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Received disconnect from 181.23.93.79 port 59952:11: Bye Bye [preauth]
May 13 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Disconnected from 181.23.93.79 port 59952 [preauth]
May 13 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Invalid user marina from 80.249.146.240
May 13 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: input_userauth_request: invalid user marina [preauth]
May 13 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Failed password for invalid user marina from 80.249.146.240 port 35654 ssh2
May 13 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Received disconnect from 80.249.146.240 port 35654:11: Bye Bye [preauth]
May 13 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Disconnected from 80.249.146.240 port 35654 [preauth]
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11719]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11718]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11715]: pam_unix(cron:session): session closed for user p13x
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11776]: Successful su for rubyman by root
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11776]: + ??? root:rubyman
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382320 of user rubyman.
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11776]: pam_unix(su:session): session closed for user rubyman
May 13 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382320.
May 13 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user root
May 13 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11717]: pam_unix(cron:session): session closed for user samftp
May 13 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user root
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12105]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12107]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12106]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session closed for user root
May 13 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12103]: pam_unix(cron:session): session closed for user p13x
May 13 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: Successful su for rubyman by root
May 13 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: + ??? root:rubyman
May 13 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382326 of user rubyman.
May 13 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: pam_unix(su:session): session closed for user rubyman
May 13 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382326.
May 13 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12105]: pam_unix(cron:session): session closed for user root
May 13 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9386]: pam_unix(cron:session): session closed for user root
May 13 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12104]: pam_unix(cron:session): session closed for user samftp
May 13 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user root
May 13 01:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Invalid user matt from 2.228.25.92
May 13 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: input_userauth_request: invalid user matt [preauth]
May 13 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Failed password for invalid user matt from 2.228.25.92 port 48924 ssh2
May 13 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Received disconnect from 2.228.25.92 port 48924:11: Bye Bye [preauth]
May 13 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Disconnected from 2.228.25.92 port 48924 [preauth]
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12541]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12542]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12539]: pam_unix(cron:session): session closed for user p13x
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: Successful su for rubyman by root
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: + ??? root:rubyman
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382331 of user rubyman.
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: pam_unix(su:session): session closed for user rubyman
May 13 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382331.
May 13 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user root
May 13 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12540]: pam_unix(cron:session): session closed for user samftp
May 13 01:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Connection reset by 218.92.0.179 port 46920 [preauth]
May 13 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11719]: pam_unix(cron:session): session closed for user root
May 13 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94  user=root
May 13 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Failed password for root from 34.85.163.94 port 60688 ssh2
May 13 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Received disconnect from 34.85.163.94 port 60688:11: Bye Bye [preauth]
May 13 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Disconnected from 34.85.163.94 port 60688 [preauth]
May 13 01:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Invalid user user from 103.133.214.69
May 13 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: input_userauth_request: invalid user user [preauth]
May 13 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 01:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Failed password for invalid user user from 103.133.214.69 port 43826 ssh2
May 13 01:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Received disconnect from 103.133.214.69 port 43826:11: Bye Bye [preauth]
May 13 01:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Disconnected from 103.133.214.69 port 43826 [preauth]
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user root
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session closed for user p13x
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: Successful su for rubyman by root
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: + ??? root:rubyman
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382335 of user rubyman.
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: pam_unix(su:session): session closed for user rubyman
May 13 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382335.
May 13 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session closed for user root
May 13 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user samftp
May 13 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: Failed password for root from 218.92.0.179 port 40661 ssh2
May 13 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40661 ssh2]
May 13 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: Received disconnect from 218.92.0.179 port 40661:11:  [preauth]
May 13 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: Disconnected from 218.92.0.179 port 40661 [preauth]
May 13 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13245]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12107]: pam_unix(cron:session): session closed for user root
May 13 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May 13 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Failed password for root from 50.235.31.47 port 51950 ssh2
May 13 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Connection closed by 50.235.31.47 port 51950 [preauth]
May 13 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session closed for user p13x
May 13 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: Successful su for rubyman by root
May 13 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: + ??? root:rubyman
May 13 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382339 of user rubyman.
May 13 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: pam_unix(su:session): session closed for user rubyman
May 13 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382339.
May 13 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
May 13 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user samftp
May 13 01:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Invalid user yogi from 122.176.122.24
May 13 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: input_userauth_request: invalid user yogi [preauth]
May 13 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24
May 13 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Failed password for invalid user yogi from 122.176.122.24 port 60684 ssh2
May 13 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Received disconnect from 122.176.122.24 port 60684:11: Bye Bye [preauth]
May 13 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Disconnected from 122.176.122.24 port 60684 [preauth]
May 13 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: Invalid user srojas from 35.199.95.142
May 13 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: input_userauth_request: invalid user srojas [preauth]
May 13 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 01:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: Failed password for invalid user srojas from 35.199.95.142 port 58506 ssh2
May 13 01:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: Received disconnect from 35.199.95.142 port 58506:11: Bye Bye [preauth]
May 13 01:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13737]: Disconnected from 35.199.95.142 port 58506 [preauth]
May 13 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: Invalid user ton from 80.249.146.240
May 13 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: input_userauth_request: invalid user ton [preauth]
May 13 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: Failed password for invalid user ton from 80.249.146.240 port 40102 ssh2
May 13 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: Received disconnect from 80.249.146.240 port 40102:11: Bye Bye [preauth]
May 13 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13772]: Disconnected from 80.249.146.240 port 40102 [preauth]
May 13 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12542]: pam_unix(cron:session): session closed for user root
May 13 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13863]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session closed for user p13x
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13922]: Successful su for rubyman by root
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13922]: + ??? root:rubyman
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382346 of user rubyman.
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13922]: pam_unix(su:session): session closed for user rubyman
May 13 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382346.
May 13 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user root
May 13 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session closed for user samftp
May 13 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session closed for user root
May 13 01:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Invalid user admin from 181.23.93.79
May 13 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: input_userauth_request: invalid user admin [preauth]
May 13 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Failed password for invalid user admin from 181.23.93.79 port 45605 ssh2
May 13 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Received disconnect from 181.23.93.79 port 45605:11: Bye Bye [preauth]
May 13 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Disconnected from 181.23.93.79 port 45605 [preauth]
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14265]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14264]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14265]: pam_unix(cron:session): session closed for user root
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14259]: pam_unix(cron:session): session closed for user p13x
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14330]: Successful su for rubyman by root
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14330]: + ??? root:rubyman
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382347 of user rubyman.
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14330]: pam_unix(su:session): session closed for user rubyman
May 13 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382347.
May 13 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14261]: pam_unix(cron:session): session closed for user root
May 13 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11718]: pam_unix(cron:session): session closed for user root
May 13 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14260]: pam_unix(cron:session): session closed for user samftp
May 13 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Invalid user rohit from 2.228.25.92
May 13 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: input_userauth_request: invalid user rohit [preauth]
May 13 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92
May 13 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for invalid user rohit from 2.228.25.92 port 56434 ssh2
May 13 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Received disconnect from 2.228.25.92 port 56434:11: Bye Bye [preauth]
May 13 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Disconnected from 2.228.25.92 port 56434 [preauth]
May 13 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Failed password for root from 218.92.0.179 port 37395 ssh2
May 13 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37395 ssh2]
May 13 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Received disconnect from 218.92.0.179 port 37395:11:  [preauth]
May 13 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Disconnected from 218.92.0.179 port 37395 [preauth]
May 13 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
May 13 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14724]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session closed for user p13x
May 13 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14787]: Successful su for rubyman by root
May 13 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14787]: + ??? root:rubyman
May 13 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382353 of user rubyman.
May 13 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14787]: pam_unix(su:session): session closed for user rubyman
May 13 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382353.
May 13 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12106]: pam_unix(cron:session): session closed for user root
May 13 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session closed for user samftp
May 13 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13863]: pam_unix(cron:session): session closed for user root
May 13 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Invalid user srojas from 103.133.214.69
May 13 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: input_userauth_request: invalid user srojas [preauth]
May 13 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 01:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Failed password for invalid user srojas from 103.133.214.69 port 41166 ssh2
May 13 01:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Received disconnect from 103.133.214.69 port 41166:11: Bye Bye [preauth]
May 13 01:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Disconnected from 103.133.214.69 port 41166 [preauth]
May 13 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Failed password for root from 218.92.0.179 port 50865 ssh2
May 13 01:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Failed password for root from 218.92.0.179 port 50865 ssh2
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15136]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session closed for user p13x
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15191]: Successful su for rubyman by root
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15191]: + ??? root:rubyman
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382357 of user rubyman.
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15191]: pam_unix(su:session): session closed for user rubyman
May 13 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382357.
May 13 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Failed password for root from 218.92.0.179 port 50865 ssh2
May 13 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Received disconnect from 218.92.0.179 port 50865:11:  [preauth]
May 13 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Disconnected from 218.92.0.179 port 50865 [preauth]
May 13 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May 13 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12541]: pam_unix(cron:session): session closed for user root
May 13 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15135]: pam_unix(cron:session): session closed for user samftp
May 13 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94  user=root
May 13 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Failed password for root from 34.85.163.94 port 37208 ssh2
May 13 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Received disconnect from 34.85.163.94 port 37208:11: Bye Bye [preauth]
May 13 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Disconnected from 34.85.163.94 port 37208 [preauth]
May 13 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14264]: pam_unix(cron:session): session closed for user root
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session closed for user p13x
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15586]: Successful su for rubyman by root
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15586]: + ??? root:rubyman
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382361 of user rubyman.
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15586]: pam_unix(su:session): session closed for user rubyman
May 13 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382361.
May 13 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session closed for user root
May 13 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session closed for user samftp
May 13 01:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Invalid user pg from 80.249.146.240
May 13 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: input_userauth_request: invalid user pg [preauth]
May 13 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Failed password for invalid user pg from 80.249.146.240 port 45374 ssh2
May 13 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Received disconnect from 80.249.146.240 port 45374:11: Bye Bye [preauth]
May 13 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Disconnected from 80.249.146.240 port 45374 [preauth]
May 13 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14724]: pam_unix(cron:session): session closed for user root
May 13 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142  user=root
May 13 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: Failed password for root from 35.199.95.142 port 36802 ssh2
May 13 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: Received disconnect from 35.199.95.142 port 36802:11: Bye Bye [preauth]
May 13 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: Disconnected from 35.199.95.142 port 36802 [preauth]
May 13 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.176.122.24  user=root
May 13 01:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: Failed password for root from 122.176.122.24 port 39908 ssh2
May 13 01:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: Received disconnect from 122.176.122.24 port 39908:11: Bye Bye [preauth]
May 13 01:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: Disconnected from 122.176.122.24 port 39908 [preauth]
May 13 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session closed for user p13x
May 13 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15996]: Successful su for rubyman by root
May 13 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15996]: + ??? root:rubyman
May 13 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382365 of user rubyman.
May 13 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15996]: pam_unix(su:session): session closed for user rubyman
May 13 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382365.
May 13 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user root
May 13 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session closed for user samftp
May 13 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session closed for user root
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session closed for user root
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16312]: pam_unix(cron:session): session closed for user p13x
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: Successful su for rubyman by root
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: + ??? root:rubyman
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382374 of user rubyman.
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: pam_unix(su:session): session closed for user rubyman
May 13 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382374.
May 13 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.25.92  user=root
May 13 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session closed for user root
May 13 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session closed for user root
May 13 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Failed password for root from 2.228.25.92 port 35708 ssh2
May 13 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Received disconnect from 2.228.25.92 port 35708:11: Bye Bye [preauth]
May 13 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Disconnected from 2.228.25.92 port 35708 [preauth]
May 13 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session closed for user samftp
May 13 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Received disconnect from 218.92.0.179 port 43031:11:  [preauth]
May 13 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Disconnected from 218.92.0.179 port 43031 [preauth]
May 13 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session closed for user root
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user p13x
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: Successful su for rubyman by root
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: + ??? root:rubyman
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382377 of user rubyman.
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: pam_unix(su:session): session closed for user rubyman
May 13 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382377.
May 13 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14263]: pam_unix(cron:session): session closed for user root
May 13 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user samftp
May 13 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: Invalid user wordpress from 181.23.93.79
May 13 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: input_userauth_request: invalid user wordpress [preauth]
May 13 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79
May 13 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: Failed password for invalid user wordpress from 181.23.93.79 port 60644 ssh2
May 13 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: Received disconnect from 181.23.93.79 port 60644:11: Bye Bye [preauth]
May 13 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17088]: Disconnected from 181.23.93.79 port 60644 [preauth]
May 13 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session closed for user root
May 13 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Invalid user user from 190.103.202.7
May 13 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: input_userauth_request: invalid user user [preauth]
May 13 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May 13 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Failed password for invalid user user from 190.103.202.7 port 59158 ssh2
May 13 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Connection closed by 190.103.202.7 port 59158 [preauth]
May 13 01:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Invalid user admin from 80.94.95.112
May 13 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: input_userauth_request: invalid user admin [preauth]
May 13 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 13 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for invalid user admin from 80.94.95.112 port 37088 ssh2
May 13 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for invalid user admin from 80.94.95.112 port 37088 ssh2
May 13 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for invalid user admin from 80.94.95.112 port 37088 ssh2
May 13 01:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for invalid user admin from 80.94.95.112 port 37088 ssh2
May 13 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for invalid user admin from 80.94.95.112 port 37088 ssh2
May 13 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Received disconnect from 80.94.95.112 port 37088:11: Bye [preauth]
May 13 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Disconnected from 80.94.95.112 port 37088 [preauth]
May 13 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May 13 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: PAM service(sshd) ignoring max retries; 5 > 3
May 13 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Invalid user simon from 103.133.214.69
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: input_userauth_request: invalid user simon [preauth]
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17247]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session closed for user p13x
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17310]: Successful su for rubyman by root
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17310]: + ??? root:rubyman
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382379 of user rubyman.
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17310]: pam_unix(su:session): session closed for user rubyman
May 13 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382379.
May 13 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for invalid user simon from 103.133.214.69 port 50572 ssh2
May 13 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Received disconnect from 103.133.214.69 port 50572:11: Bye Bye [preauth]
May 13 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Disconnected from 103.133.214.69 port 50572 [preauth]
May 13 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session closed for user root
May 13 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session closed for user samftp
May 13 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session closed for user root
May 13 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Invalid user str from 80.249.146.240
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: input_userauth_request: invalid user str [preauth]
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Invalid user pp from 34.85.163.94
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: input_userauth_request: invalid user pp [preauth]
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.85.163.94
May 13 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Failed password for invalid user str from 80.249.146.240 port 37914 ssh2
May 13 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Received disconnect from 80.249.146.240 port 37914:11: Bye Bye [preauth]
May 13 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Disconnected from 80.249.146.240 port 37914 [preauth]
May 13 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Failed password for invalid user pp from 34.85.163.94 port 45038 ssh2
May 13 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Received disconnect from 34.85.163.94 port 45038:11: Bye Bye [preauth]
May 13 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Disconnected from 34.85.163.94 port 45038 [preauth]
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17667]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17666]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session closed for user p13x
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: Successful su for rubyman by root
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: + ??? root:rubyman
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382383 of user rubyman.
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: pam_unix(su:session): session closed for user rubyman
May 13 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382383.
May 13 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15136]: pam_unix(cron:session): session closed for user root
May 13 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17665]: pam_unix(cron:session): session closed for user samftp
May 13 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session closed for user root
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session closed for user p13x
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18251]: Successful su for rubyman by root
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18251]: + ??? root:rubyman
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382387 of user rubyman.
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18251]: pam_unix(su:session): session closed for user rubyman
May 13 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382387.
May 13 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session closed for user root
May 13 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session closed for user samftp
May 13 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: Invalid user scan from 35.199.95.142
May 13 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: input_userauth_request: invalid user scan [preauth]
May 13 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.95.142
May 13 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: Failed password for invalid user scan from 35.199.95.142 port 43316 ssh2
May 13 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: Received disconnect from 35.199.95.142 port 43316:11: Bye Bye [preauth]
May 13 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: Disconnected from 35.199.95.142 port 43316 [preauth]
May 13 01:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17247]: pam_unix(cron:session): session closed for user root
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18602]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user root
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session closed for user p13x
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18669]: Successful su for rubyman by root
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18669]: + ??? root:rubyman
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382394 of user rubyman.
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18669]: pam_unix(su:session): session closed for user rubyman
May 13 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382394.
May 13 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18602]: pam_unix(cron:session): session closed for user root
May 13 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session closed for user root
May 13 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18601]: pam_unix(cron:session): session closed for user samftp
May 13 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17667]: pam_unix(cron:session): session closed for user root
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19035]: pam_unix(cron:session): session closed for user p13x
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: Successful su for rubyman by root
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: + ??? root:rubyman
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382397 of user rubyman.
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19109]: pam_unix(su:session): session closed for user rubyman
May 13 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382397.
May 13 01:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session closed for user root
May 13 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session closed for user samftp
May 13 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session closed for user root
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session closed for user p13x
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19514]: Successful su for rubyman by root
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19514]: + ??? root:rubyman
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382402 of user rubyman.
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19514]: pam_unix(su:session): session closed for user rubyman
May 13 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382402.
May 13 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session closed for user root
May 13 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session closed for user samftp
May 13 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Invalid user ubuntu from 103.133.214.69
May 13 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: input_userauth_request: invalid user ubuntu [preauth]
May 13 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): check pass; user unknown
May 13 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.214.69
May 13 01:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.249.146.240  user=root
May 13 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Failed password for invalid user ubuntu from 103.133.214.69 port 40012 ssh2
May 13 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Received disconnect from 103.133.214.69 port 40012:11: Bye Bye [preauth]
May 13 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Disconnected from 103.133.214.69 port 40012 [preauth]
May 13 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Failed password for root from 80.249.146.240 port 39562 ssh2
May 13 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Received disconnect from 80.249.146.240 port 39562:11: Bye Bye [preauth]
May 13 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Disconnected from 80.249.146.240 port 39562 [preauth]
May 13 01:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user root
May 13 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 13 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.93.79  user=root
May 13 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Failed password for root from 181.23.93.79 port 47680 ssh2
May 13 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Received disconnect from 181.23.93.79 port 47680:11: Bye Bye [preauth]
May 13 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19817]: Disconnected from 181.23.93.79 port 47680 [preauth]
May 13 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session closed for user p13x
May 13 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: Successful su for rubyman by root
May 13 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: + ??? root:rubyman
May 13 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 13 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 382406 of user rubyman.
May 13 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session closed for user rubyman
May 13 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 382406.
May 13 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session closed for user root
May 13 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19886]: pam_unix(cron:session): session closed for user samftp
May 13 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session closed for user root
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user p13x
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: Successful su for rubyman by root
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: + ??? root:rubyman
May 13 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: pam_unix(su:session): session opened for user ruby